One of the most frequent questions I get when the topic of cloud computing comes up is around security. Justifiably, folks tend to have questions around security, privacy, and regulatory compliance in shared environments.
A shared environment (also called a multi-tenant environment) is much like an apartment building. You have multiple tenants (renters) sharing common infrastructure (the apartment building). The tenants may be different departments from the same company or completely different companies.
Security is a complex topic but the main concepts are applicable whether you are looking at private cloud solutions or public cloud solutions. To keep things grounded in something practical, I’ll use Cisco’s Vblock architecture as a reference, since it is deployed in both public and private cloud environments.
Shared Resource Blocks
At the most basic level, you need to be able to segment shared resources among the tenants. The Vblock architecture segments tenant resources in several ways:
At the network level, the architecture uses unique Media Access Control (MAC) address pools, Virtual Local Area Network (VLAN) tagging and security features, such as vShield zones, private VLANs and access control lists, to consistently define and enforce policies, not just at the tenant level but also down to the virtual machine level so you can enforce segmentation even within a tenant.
Similarly, at the storage level, the architecture uses Logical Unit Number (LUN) masking, zoning and Virtual Storage Area Networks (VSANs) to segment storage assets.
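The segmentation controls above can be audited mechanically. The following is an added example, not code from the original post or from the Vblock product: it checks a constructed tenant map for the two properties the text describes, that no VLAN ID or MAC pool is shared between tenants at the network layer, and that each LUN is masked only to hosts of a single tenant at the storage layer. Tenant names, VLAN IDs, MAC ranges and initiator labels are all constructed sample data.

```python
# Added example, not from the post: audit a constructed multi-tenant map for the
# segmentation the post describes (VLAN/MAC isolation, LUN masking). All data constructed.
from dataclasses import dataclass


@dataclass
class Tenant:
    name: str
    vlans: set[int]              # VLAN IDs assigned to this tenant
    mac_pool: tuple[str, str]    # inclusive MAC address range
    initiators: set[str]         # storage initiator IDs of its hosts


def _mac_to_int(mac: str) -> int:
    return int(mac.replace(":", ""), 16)


def audit_segmentation(tenants: list[Tenant], lun_masks: dict[str, set[str]]) -> list[str]:
    """Return findings; an empty list means tenants are cleanly segmented."""
    findings = []
    # Network: no VLAN ID or MAC range may be shared by two tenants.
    for i, a in enumerate(tenants):
        for b in tenants[i + 1:]:
            shared = a.vlans & b.vlans
            if shared:
                findings.append(f"VLAN overlap {sorted(shared)}: {a.name}/{b.name}")
            a_lo, a_hi = map(_mac_to_int, a.mac_pool)
            b_lo, b_hi = map(_mac_to_int, b.mac_pool)
            if a_lo <= b_hi and b_lo <= a_hi:
                findings.append(f"MAC pool overlap: {a.name}/{b.name}")
    # Storage: each LUN mask must resolve to initiators of exactly one tenant.
    owner = {init: t.name for t in tenants for init in t.initiators}
    for lun, inits in lun_masks.items():
        owners = {owner.get(i, "UNKNOWN") for i in inits}
        if len(owners) != 1:
            findings.append(f"LUN {lun} exposed to {sorted(owners)}")
    return findings


# Constructed sample: two tenants whose VLAN and MAC pools collide, and one LUN masked to both.
SAMPLE_TENANTS = [
    Tenant("acme", {100, 101}, ("00:25:b5:01:00:00", "00:25:b5:01:ff:ff"), {"acme-esx1", "acme-esx2"}),
    Tenant("globex", {101, 200}, ("00:25:b5:01:f0:00", "00:25:b5:02:ff:ff"), {"globex-esx1"}),
]
SAMPLE_LUN_MASKS = {"lun-10": {"acme-esx1", "acme-esx2"}, "lun-11": {"globex-esx1"},
                    "lun-12": {"acme-esx1", "globex-esx1"}}


def run_sample() -> list[str]:
    return audit_segmentation(SAMPLE_TENANTS, SAMPLE_LUN_MASKS)
```

Running `run_sample()` on the constructed data reports the shared VLAN 101, the overlapping MAC pools and the cross-tenant exposure of lun-12; an empty result means the map is segmented.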
Quality of Service Monitoring
One subtle aspect of Vblock’s segmentation capability is the ability to create and enforce “quality of service (QoS)” between tenants. In the apartment analogy, this is your neighbor playing their stereo so loud that it drowns out your TV. In cloud environments, you need to ensure that QoS mechanisms are in place so your workloads are not adversely impacted by the activities of another tenant.
Manage Consistent Security
The next area to look at is manageability. First is the ability to integrate with your existing information security (“infosec”) framework. If your information security framework doesn’t have operational consistency with the rest of your environment it can reduce efficiency or, worse, create policy compliance issues.
The second area is the security of operations and management interfaces, which prevents someone from hacking in and taking control of your infrastructure. Vblock provides an open framework that integrates with your existing security framework to ensure consistent security between physical and virtual environments.
Finally, you need auditability. If you have a business governed by regulatory compliance policies, then you need to make sure your cloud solutions can provide you with the kind of data you need to keep your auditors happy.
At the end of the day, do you need to do your due diligence around security issues when looking at cloud solutions? Absolutely, but the good news is that there are proven solutions available that allow you to take advantage of cloud computing while still keeping your infosec folks happy, which is always a good idea.
Download SunGard’s white paper: “All Clouds are Not Created Equal.”