Some Clouds are Meant to be Kept Private

Similar documents
SOME CLOUDS ARE MEANT TO BE KEPT PRIVATE

Public or Private Cloud: The Choice is Yours

GETTING THE MOST FROM THE CLOUD. A White Paper presented by

Cloud Assurance: Ensuring Security and Compliance for your IT Environment

WhitePaper. Private Cloud Computing Essentials

The Production Cloud

Why You Should Consider the Cloud

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

CLOUD ERP AND ACCOUNTING: SELECTION AND PLANNING GUIDE

Cloud Computing An Auditor s Perspective

The NREN s core activities are in providing network and associated services to its user community that usually comprises:

Computing: Public, Private, and Hybrid. You ve heard a lot lately about Cloud Computing even that there are different kinds of Clouds.

How To Choose A Cloud Computing Solution

Is a Cloud ERP Solution Right for You?

TOP 7 THINGS Every Executive Should Know About Cloud Computing EXECUTIVE BRIEF

How To Understand Cloud Computing

Clearing the ERP Clouds

Who moved my cloud? Part I: Introduction to Private, Public and Hybrid clouds and smooth migration

White paper Reaping Business Value from a Hybrid Cloud Strategy

Elastic Private Clouds

CLOUD SERVICES AS A BUSINESS DRIVER FOR RESELLERS

SOLUTIONS AS A SERVICE

WHITE PAPER. A Practical Guide to Choosing the Right Clouds Option and Storage Service Levels.

Ten Myths of Cloud Computing. Gene Eun Sr. Director Product Marketing, Cloud September 29, 2014

How To Compare The Two Cloud Computing Models

Processing invoices in the cloud or on premises pros and cons

How a Hybrid Cloud Strategy Can Empower Your IT Department

Cloud Services Overview

Why you should ConsIder The Cloud

Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series

How cloud computing can transform your business landscape

Reaping the Benefits of Cloud Computing

MOVING TO THE CLOUD: Understanding the Total Cost of Ownership

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing

GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS.

<Insert Picture Here> Enterprise Cloud Computing: What, Why and How

Cloud, Community and Collaboration Airline benefits of using the Amadeus community cloud

The cloud - ULTIMATE GAME CHANGER ===========================================

FOR THE FUTURE OF DATA CENTERS?

A Guide to. Cloud Services for production workloads

How To Use Windows Small Business Server 2011 Essentials

Enterprise Cloud Solutions

How On-Premise ERP Deployment Compares to a Cloud (SaaS) Deployment of Microsoft Dynamics NAV

Keep Your Data Secure in the Cloud Using encryption to ensure your online data is protected from compromise

Cloud Computing; the GOOD, the BAD and the BEAUTIFUL

Developing SAP Enterprise Cloud Computing Strategy

10 Critical Requirements for Cloud Applications:

CLOUD, SCHMOUD: CAN YOU SAY YOUR DATA S SAFE?

Infopaper. Demystifying Platform as a Service

SECURITY IN THE HYBRID CLOUD:

Cloud Computing Trends

Evaluating SaaS vs. on premise for ERP systems

EMC PERSPECTIVE. The Private Cloud for Healthcare Enables Coordinated Patient Care

Is Cloud ERP Really Cheaper?

How To Protect Your Cloud From Attack

Ironside Group Rational Solutions

Cloud Computing Guidelines

Finding Your Cloud: A down-to-earth guide to planning your cloud investment. Getting the full benefit of a key strategic technology investment

How To Run A Cloud Computer System

Leveraging the Cloud for Your Business

Shaping Your IT. Cloud

Whitepaper. A Practical Guide to Choosing the Right Cloud Option and Storage Service Levels. Executive Summary

RESEARCH NOTE NETSUITE S IMPACT ON E-COMMERCE COMPANIES

Security Issues in Cloud Computing

Cloud Services Catalog with Epsilon

Infrastructure as a Service (IaaS) Dancik International and Peak 10

Cloud P ROVIDER CHOOSE A HOW TO. A White Paper presented by

How To Choose A Cloud Based Erp System From Microsoft.Com

A new Breed of Managed Hosting for the Cloud Computing Age. A Neovise Vendor White Paper, Prepared for SoftLayer

A Guide to Common Cloud Security Concerns. Why You Can Stop Worrying and Start Benefiting from SaaS

How To Understand Cloud Computing

Cloud Computing in Banking

Sage ERP I White Paper. ERP and the Cloud: What You Need to Know

Finding the right cloud solutions for your organization

New to the Cloud? DSG s Guide to Cloud Accelerated Business. dsgcloud.com A DSG WHITE PAPER

Accenture Cloud Platform Unlocks Agility and Control

The SMB IT Decision Maker s Guide: Choosing a SaaS Service Management Solution

Pros & Cons of Cloud Computing

A Comprehensive Cloud Management Platform with Vblock Systems and Cisco Intelligent Automation for Cloud

Transcription:

Some Clouds are Meant to be Kept Private Addressing the Application Needs of Businesses for Sensitive Data & Customized Applications WHITE PAPER

Contents EXECUTIVE SUMMARY INTRODUCTION THE RIGHT CLOUD FOR THE APPLICATION Public Cloud Private Cloud How do breaches happen in multi-tenant environment? PROTECT ENTERPRISE DATA PRIVATE CLOUD A CRITICAL COMPONENT OF YOUR IT STRATEGY DON T JUMP RIGHT IN: SELECT THE RIGHT PRIVATE CLOUD PROVIDER CONCLUSION RESOURCES 2014 Tribridge All rights reserved.

Executive Summary Cloud adoption is increasing at a rapid pace and as more businesses are looking to deploy some type of cloud technology, it is worth taking a step back to understand how it works with an organization s goals and objectives. The numbers speak for themselves. IDC predicts a 25 percent surge in cloud spending (software, services and infrastructure) this year, reaching more than $100 billion. Cloud adoption has introduced unique and complex security considerations for users. Organizations must look at how adopting a certain cloud model could affect their risk profile to data security, privacy and availability. With the number of cloud solutions on the market today and the various analyst reports touting which direction to take, there s no wonder why businesses are questioning what approach is best. Ready or not, cloud computing is here to stay and businesses need to make sure they are well educated on the benefits of each model and know how to select an experienced cloud provider. A well-managed private cloud can address concerns for applications with sensitive data or availability for customized solutions, while public clouds offer lower cost options for more generalized applications and storage. The key is to understand which applications are best for each cloud model, and why some applications are meant solely for private cloud. 2014 Tribridge All rights reserved. 1

Introduction Today s digital economy requires reliable and secure connectivity. In order to handle daily operations and respond to customers, employees need access to their data at all times, from any location, using any device. Organizations are also storing more data electronically in lieu of hard copies. Whether they are storing large multi-media images or sensitive compliance and regulatory documents, there is no question that the files are getting bigger and there are more of them. In a traditional setting, IT departments have several onpremise servers, a backup system, hardware supporting the company s processes and software that were likely implemented several years prior. This leads to a demand for new capital expenditures and most importantly, the ongoing requirements for additional server space to accommodate new solutions and growing amounts of data. Internal IT teams are not only saddled with managing the company s infrastructure, but its phones, printers and even the security of the employees personal devices all requiring different levels of expertise. The advances in cloud computing allow IT departments unprecedented speed to delivering new and updated solutions compared with traditional on-premise models. Designing the right cloud platform to meet the unique needs of a business requires time and a highly specialized team, which is why many organizations decide to employ a third party for implementation and cloud management. The advancements in private cloud technologies offer specific advantages for enterprise-level applications housing sensitive data, including a wide range of opportunities to save time and streamline resources and costs, all while keeping confidential information more secure and allowing greater flexibility for customization and integration with other applications. 2014 Tribridge All rights reserved. 2

The Right Cloud for the Application Cloud computing technologies have enabled many business benefits without a significant increase in IT budget. However, the debate over public versus private clouds continues to be a source of confusion for many IT managers and C-level executives. PUBLIC CLOUD A public cloud service is provided as-a-service over the Internet and the organization s infrastructure or applications are hosted off-premise by a cloud service provider. In a public cloud, the business application software, hardware, data center and operating system is shared with all of the other users. As a result, it is a very low cost option. Businesses can take advantage of the provider s infrastructure and a best-of-breed process, which lowers capital spend and alleviates the pressure on IT departments. Advantages: Simplicity and efficiency: Public cloud services are offered as a service, usually over an Internet connection. Low cost: No need to purchase physical hardware or software. A shared model delivers a high efficiency of scale and lower price point. Reduced time: Internal IT resources are not responsible for configuration or maintenance of the solution (hardware or software). Pay as you go: Users can scale the solution up and down as needed. Disadvantages: Data Security Concerns: Most public cloud providers have security measures in place. However, the nature of a shared model means that data resides in the same servers and instances and therefore can be breached. For businesses with sensitive data, i.e. financial, medical and regulated information, the security is not enough to meet those standards. Lack of control: Third-party providers are in charge and upgrades are done automatically. Customizations and integrations with other solutions may be lost as a result of a forced upgrade. Slow Performance: Public cloud services share resources with other organizations and during peak times, your solution s performance can be affected. Less Flexibility: Because the application runs on shared servers and instances, your ability to change your solution (i.e. customize or integrate) in a public cloud is limited to a standardized set of options. 2014 Tribridge All rights reserved. 3

PRIVATE CLOUD A private cloud is also provided as-a-service or on demand, but the infrastructure is based on dedicated hardware under the control of a provider organization, or sometimes outsourced by internal IT departments. Virtualization is the key technology that helps a company realize similar cost savings to a public cloud solution, while giving them a separate application instance and virtual pod for their infrastructure. In a private cloud, the only shared component is the provider s infrastructure. The virtual layer is software that allows the application to use shared hardware and still remain protected. A company s business applications and database are stored on its own virtual layer, creating a protective bubble around the application set and data. Advantages: More control / higher security for sensitive data: Cloud services are dedicated to a single company and the infrastructure is designed to ensure the highest levels of security. Some providers offer customized security based on regulatory requirements. Flexibility for customizations and integrations: Allows companies to tailor its applications, control upgrades and integrate with other solutions. Reduced maintenance/upgrade costs: The cloud provider maintains the cloud platform and infrastructure, and keeps the overall infrastructure up to date. Disadvantages: Higher cost: Private cloud is generally more expensive than public cloud options, but less expensive than implementing the same solutions in-house. On-site maintenance: Some organizations deploy private clouds in-house rather than outsourcing to a provider. With a private cloud hosted on-premise, the company will need to provide adequate power, cooling, general maintenance and security over the data center. Capacity ceiling: Depending on the provider and environment, there will be a capacity ceiling. Redundancy: A private cloud provides greater control over redundancy and disaster recovery because the business is in control and can choose an environment with the redundancy required. Lower Risk: Private cloud providers offer usage reports, security and reporting compliance to alleviate risk. Stronger Performance: Private clouds deliver stronger system performance because the application is not subject to peaks from other organizations. 2014 Tribridge All rights reserved. 4

HOW DO BREACHES HAPPEN IN MULTI-TENANT ENVIRONMENT? Deploying sensitive or high business impact data in a public cloud service, or multi-tenant environment, could expose your organization in the event of a data breach. How? In a multi-tenant environment, cloud providers collocate your data with other customers on the same servers. Sometimes they will assign customers their own application server, but they will still have an instance of the server application (example: Microsoft SQL Server) on a shared database server. In this model, if one customer exposes a server to vulnerability, that server can then be leveraged to distribute malware to others in the provider s environment. The malware hops from machine to machine, leveraging the hashed passwords that are stored on the originally infected machine. Eventually it will find a cached domain administrative credential where it will then infect the domain controller, effectively owning the entire environment. If you are in a multi-tenant model this is of obvious concern. While your company may have in-depth training for your users on how to protect themselves against phishing attacks, other tenants may not, and the mistake of one user outside of your organization could put your company s name in the headlines. Most cloud providers would argue that this couldn t happen on their watch, but so would the thousands of businesses that have already been compromised using these techniques. In a single-tenant (private) cloud, an attack can still occur, however the negligence of one customer can t affect the other environments. 2014 Tribridge All rights reserved. 5

Never considered it; no interest 7% onsidered it ecided not to build a rivate cloud 13% Protect Enterprise Data CYBER ATTACKS ONE OF TODAY S BIGGEST IT CONCERNS Data security is a major concern for any company that has valuable information to protect. High-profile cyber security attacks What's The State of Your Private Cloud Adoption make news headlines just about every week, but there are even more events of this nature that fly under the radar. The majority of organizations don t have the bandwidth and tools to protect themselves, and often a company won t even know its data has been breached until it is too late. Therefore, cyber security should be a big factor when selecting the right cloud provider and solution. Built a test version & found it wasn't worth pursuing 3% Have a private cloud in production for some apps 30% For critical enterprise applications, a private cloud is a better model. Although private clouds can cost more, increasing numbers of organizations are selecting them to host and manage their critical workloads and sensitive information such as financials, regulated data and intellectual property that would wreak havoc on a business if breached. Amazon, Google and other public cloud providers are not designed to protect sensitive data they deliver economies of scale to customers, as the infrastructure costs are spread among a mix of users, giving each individual user an attractive low overall cost, but offer limited security protections. Those models are best suited for other applications such as online retail catalogs, email, training servers and company websites. ave a private cloud in oduction for st or all apps 17% There are numerous news outlets covering the NSA, Microsoft, Amazon, Google, Facebook and others accused of collecting information without consent. These events are happening because companies pay public cloud providers to give them access to personal data. Mark Are testing Herschberg, various parts of CTO a private Madison Logic, a New York-based cloud or started a private cloud project company 30% that provides data for advertisers, stated in The Dallas Morning News that, There are thousands of companies out there today collecting information on customers, and together they are aggregating quite a bit of data. Google is reading users emails, and Amazon is tracking not only what a consumer Has your organization buys, but what configured they shop for. the following clouds for interoperability? Hosted private cloud with a public cloud 39.6% Think about the highly sensitive information stored in a company s accounting and ERP On system, premise private as well as employee data and cloud with a hosted private cloud 60.8% customer buying patterns. It s a goldmine for those in possession of valuable data, and regulations on data collection and consent are murky at best. The price of the security of a private cloud far outweighs the exposure and lower costs of a public cloud offering. Top cloud computing security problems Auditing & Compliance 26% Access & Control 35% *451 Research Data Privacy & Security 41% Take Target for example. ABC News reported the retail giant said it ignored early signs of a data breach. Staff failed to respond to the security alert and 70 million users were affected, equating to 20 percent of the U.S. population. The cost is a staggering $61 million in direct expenses so far. The reality is that companies of this size are bombarded with alerts often with little information on logs. The risk is everywhere, accountability is uncertain and liability is not well defined. On premise private cloud with a public cloud 42.1% 2014 Tribridge All rights reserved. 6

Never considered it; no interest 7% Considered it & decided not to build a private cloud 13% & found it wasn't worth pursuing 3% Have a private cloud in production for some apps 30% Have a private cloud in production for most or all apps 17% Private Cloud A Critical Component of Your IT Strategy With a greater awareness of security issues, as well as additional security concerns of businesses in highly regulated industries, Are testing various parts of a private cloud or started a private cloud project 30% private cloud conversations are a critical component of an IT business strategy. Top cloud computing security problems Auditing & Compliance 26% The current satisfaction with private clouds seems to come at the expense of public models according to InformationWeek. The survey reported a five-point increase in the percentage of respondents saying they re phasing out their public cloud use. Data Privacy & Security 41% Has your organization configured the following clouds for interoperability? What's The State of Your Private Cloud Adoption Hosted private cloud with a public cloud 39.6% On premise private cloud with a hosted private cloud 60.8% Never considered it; no interest 7% Considered it & decided not to build a private cloud 13% Built a test version & found it wasn't Access worth & pursuing Control 3% 35% Have a private cloud in production for some apps 30% On premise private cloud with a public cloud 42.1% *451 Research Have a private cloud in production for most or all apps 17% Are testing various parts of a private cloud or started a private cloud project 30% *Data - InformationWeek 2014 Private Cloud Survey of 242 business technology professionals at organizations with 50 or more employees. In 2012, the biggest reasons for not pursuing a private cloud were: other projects took priority; a cloud model didn t support their applications; lack of budget; or no need. Today, the percentage of companies saying they haven t considered private cloud integration fell from 20 percent in 2012 to just 7 percent according to the survey. Has your organization configured the following clouds for interoperability? Reported by Healthcare Informatics, The Private Cloud Gets Some Respect, Mac McMillian, national chair of the On premise HIMSS private Privacy Hosted private cloud with a cloud with a hosted private cloud 60.8% and Security Task Force, notes that the private cloud, whether hosted or on-site, offers a much greater degree of control for the provider organization that is using it, compared to the public cloud. They know public where cloud their data is, they know who has access to it, and they have better control over the resources around it and the rules around it, he says. In his view, the public cloud is not designed to support a heavily regulated or heavy security related environment such as healthcare, and it is not suited for storage of clinical information. 39.6% 2014 Tribridge All rights reserved. 7

Don t Jump Right In: Select the Right Private Cloud Provider In a global mobile environment, companies want a solution that does more than just integrate with its existing legacy systems. And with so many cloud providers and solutions on the market today, how do you make the right choice for your business? Many companies jump right in and start evaluating providers based on vendor offerings. But to really be successful with a cloud implementation, businesses first need to identify, research and analyze their internal requirements. When you are ready to engage a cloud solutions provider, make sure you conduct a thorough evaluation of the provider as well as its offerings. Privacy, financial health, data center security measures and concerns must be carefully vetted to ensure your information will be safeguarded. The following list is a guideline to help you cut through the hype and be better equipped to choose an experienced cloud provider. How long has the provider been in business and do they know your industry? Compare solutions. Each may not satisfy a business needs 100 percent, but should provide the maximum number of required functionalities and offer an expected return on investment. Take the time to learn which vendors are staying on top of trends and investing in new technologies. What are the provider s security credentials and policies? The provider must be able to show a solid track record this includes support for regulations such as Sarbanes-Oxley, HIPAA and others. Make sure the cloud provider is up-to-date on data center and industry certifications. Have they met the security and availability criteria for SOC2 and SOC3? Understand how each provider charges for traffic do they offer pre-sales design resources, rather than just quoting? Will you be given visibility into usage numbers, costs and chargebacks? One in four cloud services providers won t be around by 2015, according to a recent Gartner report. With the possibility of a major consolidation on the horizon, businesses need to make sure they are doing their homework before selecting a preferred provider. Private cloud providers that get involved in the initial design tend to understand business goals better and find more efficient ways of deploying the cloud. Make sure your provider sees you as a partner in the process. Understand the process to update and make maintenance changes to your solution. Does your provider follow ITIL (Information Technology Infrastructure Library) best practices or have a review board for changes? Can the provider provide usage, compliance, and related reports on the accessibility and health of your solution? As with any other critical business move, selecting a cloud provider should not be taken lightly. It is important to employ a vendor with the flexibility to offer solutions that fit different application needs and stages of the development lifecycle. Be sure to discuss your goals and objectives early and often with the cloud provider. The strength of their expertise, not just the quality of the solution, will be a key factor in the success as the company s goals will evolve and grow over time. 2014 Tribridge All rights reserved. 8

Conclusion Cloud computing is quickly becoming the technology of choice for enabling businesses to be more focused on providing strategic value rather than spending time on IT resources and infrastructure needs. With applications that contain sensitive information, such as financial or regulated data, moving to the cloud will require special considerations. Companies in the financial or healthcare industries are also aware that they must satisfy regulations and regulators, and they must meet these standards in an environment that is often subject to government surveillance and data center hijackers. These concerns can make the private cloud a more realistic option for companies that want data sovereignty, in which they can secure critical data internally, without exposing it through widely available public interfaces that characterize the public cloud environment. A private cloud offers the most secure way to more quickly deliver agile and updated applications. Coupled with the right provider that invests in security and utilizes the most recent technology advances, businesses can realize significant opportunities to save time, resources and money all while reducing risk. 2014 Tribridge All rights reserved. 9

Resources 1: 451 Research; Hosting and Cloud Go Mainstream 2014 2: IDC; Forecasts Worldwide Spending on Hosted Private Cloud Services 3: Inc.; Michael Dell on Why Data Security Is the Most Important Issue You Face 4: CNNMoney; Microsoft Defends its right to read your email 5: InformationWeek; Private Cloud Adoptions On A Roll 6: InformationWeek; Report: Private Clouds Step Up 7: Healthcare Informatics; The Private Cloud Gets Some Respect 8: ABC News; Target Nearly Doubles Estimate of Customers Affected by Data Breach 9: The Dallas Morning News; The NSA is watching, but so are Amazon and Google 10: Computerworld; One in four cloud providers will be gone by 2015 2014 Tribridge All rights reserved. 10

Founded in 1998, Tribridge is a technology services firm specializing in business applications and cloud solutions. The firm helps mid-market and enterprise customers solve their business challenges through Cloud Computing, Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), Application Development, Portals & Collaboration, Security & Infrastructure and Human Capital Management (HCM). With a focus on industry-specific solutions, a 100% go live track record and deep experience implementing Microsoft, Cornerstone OnDemand and other enterprise technologies, the Tribridge team of nearly 600 professionals operates with an unwavering commitment to provide exceptional service and support, drive measurable results and build lasting partnerships with the firm s 3,750 customers. www.concertocloud.com (877) 744-1360 4830 W. Kennedy Blvd., Suite 890 Tampa, FL 33609

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information