Many companies are moving servers to the cloud, but I urge them to look further ahead. As IT continues to evolve beyond Infrastructure-as-a-Service (IaaS) and virtual machines, I see Platform-as-a-Service (PaaS) as the future for cloud services. According to a recent InfoQ.com article, Azure Web Sites now offers upgrades that place it among the top public PaaS services.
The efficiencies of programing in a cloud environment are tearing down the last walls between IT developers and operations, blending them into a new DevOps role. To my mind, the ideal cloud environment for this DevOps role is Platform-as-a-Service (PaaS). It’s a whole different way of looking at things, and it eliminates so much capital expense.
Keeping track of multiple passwords is a headache. As enterprise users try to juggle new logins to work in a hybrid cloud environment, strategic identity management has become a necessity. As your company develops its roadmap to the cloud, I’d suggest single sign-on in your cloud strategy, and addressing identity management in your security audit.
Some cloud services now offer “zero-knowledge” storage in which only customers are able to unencrypt their data. A CIO.com article questions the claims of these storage providers, pointing to a potential vulnerability in the encryption process. It’s arguably more useful to be aware of security risks than trust anything to be 100-percent secure.
If you trust your cloud services provider to handle compliance for you, you’d better prepare for a RGE — a “resume-generating event.” The responsibility for appropriate data security and record keeping ultimately rests on your company’s shoulders, so compliance needs should be crystal clear. Here are five tips for avoiding a compliance-based RGE.
Even if you have a good handle on security for your own enterprise data center, make sure your cloud strategy recognizes the different cyber-attack risks you face in a cloud environment. Understand what level of security is available and appropriate for your organization, and that cloud attacks may differ from what you’ve faced in the past.
While using cloud services often lightens the load for your IT team, too many organizations mistake the cloud for a set-it-and-forget-it solution. Cloud computing provides basic servers on commodity hardware: low-cost resources, not infallible ones. As an ITProPortal.com article notes, companies should actively manage and monitor cloud services.