hybrid cloud

Audience: Business owners & managers

Because the term Cloud Computing is all-inclusive a lot of fear regarding security of cloud computing has arisen. Many business owners may incorrectly assume that Cloud computing is not ideal for their company or worth looking into for fear of security or loss of control.

This article will help business owners understand the basics to the different levels of security with respect to cloud computing and business use. We will also discuss some of the different aspects of cloud computing that are ideal for businesses to consider.

Cloud Security

Data Center Security versus Typical Office Security

cloud computing security analogy for businesses considering cloud computing would be that of a standard house (for the average business level of security) to that of a bank. The bank is analogous to datacenters specifically setup for secure cloud computing needs. I won’t delve into all the technical jargon, but simply understand that banks are designed knowing that they need to be secure, thus access is controlled, monitored and numerous contingency plans are in place for differing scenarios. The average office however may not have security cameras, monitoring, alarms, or various levels of access controls for the building access, or proper network access levels & auditing configured -should someone gain access to an employee’s computer.
Today, most businesses have a full-time connection to the Internet just as datacenters do. However, in the cloud computing environment, which stores data in one or more data centers, the level of security and auditing for intrusion is far greater than that of a typical office.

Cloud Computing Security Analogy –step two. Many companies use cloud computing today, but in different ways. It is the large diversity that leads to excessive fear over cloud computing security. Keeping with our analogy, let’s say there is another building, this time a place where many people come together and socialize, perhaps a club. Each club would have its own security policies and requirements and a breach in security in one club should not reflect a weakness in security for a bank. One building is configured for differing needs. The typical club has a lot of external social interaction, whereas the bank (secure data center) is built around secure storage and access.
Based off this analogy, most businesses are looking for the “bank” scenario. In cloud computing you will see this as “Virtual Private Cloud Computing”.
Before I delve into Virtual Private Cloud Computing, as a business owner you may be thinking, I need my server(s) in my office regardless because my Internet may go down. We address this with Hybrid cloud computing. Hybrid Cloud Computing allows business to leverage Virtual Private Cloud computing (often for disaster recovery), and still keep their server(s) in their office. Hybrid Cloud Computing may be more ideal for businesses than a full cloud computing environment. Because of this, let’s first look at Hybrid Cloud Computing as it affects businesses.

Business Examples of Hybrid Cloud Computing

Hybrid Cloud Computing Scenario 1

A business wants to ensure a good disaster recovery system is in place for their current operating environment. The business contacts their technology consultants that focus on cloud computing and/or hosted technology *. The consulting firm delivers Hybrid Cloud computing in the form of a box that sits in the office & connects to the local office network. The box takes snapshots of the current server(s) at a definable time period. Should the local server(s) fail – (such as due to a hardware failure); the box can start running in place of the failed server(s) using the last snapshot. So where a business could be non-operational for weeks, with this hybrid cloud computing scenario they can be operational in a few minutes.
One step beyond this is that the box can also send compressed and encrypted replications “images” to a datacenter (using Virtual private Cloud Computing) this replication or “image” can become active at the remote location so that core business operations can still be accomplished. This addresses the risk of theft, fire, power outage, or other “disasters” that would prevent the servers from running at the local office.

Should your business consider this type of Hybrid Cloud Computing?

There are many ways to address disaster recovery. This scenario of hybrid cloud computing is ideal for businesses that are extremely sensitive to their servers being operational. Industries that may have extreme time-sensitivity to outages that warrant this use of hybrid cloud computing range from Healthcare, to Oil & Gas, Financial industry and more.
*If you are not aware of a good consulting firm, just let us know where you are located and we can suggest a reputable technology consulting company in your area.

Hybrid Cloud Computing Scenario 2

A business doesn’t want to tie up its capital in server equipment anymore, but has the need to keep the server(s) in the office “local”. The business contacts their technology provider that offers on onsite hosted server for a flat monthly fee. (If you don’t know of one, let us know and we will refer a reputable company to you). This box which can contain multiple servers is configured to run just like in the scenario 1 fail-over, but additional hardware changes to the box are typically done to make it more robust so that it is used as the primary local server(s).
Just like above, the box has the option to automatically send secure backups to secure datacenter(s). This scenario is very attractive for most businesses weary about using “Cloud Computing”, or Virtual Private Cloud Computing as their main method of operation.
This scenario of Hybrid Cloud Computing can give the below benefits (and more) to business:

  1. Frees up capital for the business
  2. Provides a fixed monthly amount instead of an unknown variable amount the company will spend on IT services
  3. Shifts most of the risk from the company to the provider
  4. Keeps the data local
  5. Provides the framework for offsite of disaster recovery
  6. Like with virtual private cloud computing, it gives ability for the company to save in some software costs by not having to purchase it, but use on a monthly basis.

Virtual Private Cloud Computing

With Virtual Private Cloud Computing, a business would have significant enough benefit to warrant moving their server(s) “to the cloud”. Keeping with the analogy, think of a large building that has multiple offices in the building. This building has some floors that are secure, and have restricted access to enter and it is on one of these floors where your bank resides. This is the case with virtual private cloud computing. Your company’s network environment and therefore business operating environment is built as a secure floor in this building (data center). Breaking from the analogy, unlike the real world of office building, your virtual private cloud computing environment can send encrypted images of its environment to a backup data center. In the off chance an entire datacenter goes down, just like with our hybrid cloud computing scenario of offsite backups, the fail-over datacenter(s), can activate the last image and be operational in minutes.
For peace of mind, some business owners want to have an image of their cloud environment stored to their local office as well. Thinking back of the hybrid cloud scenario, the local image could be loaded on a local box “server(s)” and be operational locally instead of in the cloud-based environment.

Security concerns with Virtual Private Cloud Computing

Now that we’ve done the build analogies, suppose the janitors, who have keys to all the offices decides to go raid the sensitive information in your virtual private cloud computing environment? So, the question here is What about the system administrators in the data centers who I don’t know or trust?
An extremely valid point and there is definitely an answer. For most companies, especially small businesses, the level of security and authentication at data centers is enough. However, for some industries, and for some businesses more security is needed
Auditing & access control-
Auditing can be enabled so that business owners know who accessed (or tried to access) any file or folder, when, and what (if any) changes were made. Further, and in some highly sensitive cases we create folders that the owner is the only person who knows the password to. This means neither their cloud computing consulting firm, nor any administrator can access the folder without breaking the encryption on the folder. To make matters more secure the folder keeps a log (auditing) of every attempt to access, and when accessed who, when, for how long and what, (if anything) was changed. So with virtual private cloud computing there are multiple layers of security and auditing to protect a company’s data. But knowing this, the question still remains…

Is Cloud computing ideal for your business?

If so, is it something like the Hybrid Cloud Computing or Virtual Private Cloud Computing?
To help you see which is more ideal for your business operations, see our page on “The pros and cons of Cloud Computing“. Which helps highlights many of the business benefits and the downsides as well.
Considering Cloud Computing for your business? We are here to help. Feel free to contact us, as we’d love to talk to you and help you determine if cloud computing would be beneficial for your company.

Hybrid Cloud Computing is using portions of Cloud Computing and traditional internal network equipment. For most companies, this is the most practical use of Cloud Computing.

Hybrid Cloud Computing has no requirements as to what must services it include, which gives businesses the flexibility to examine what functionality Cloud Computing has to offer and having a solution designed to keep components of the business’s traditional network structure while incorporating improvements made possible through Hybrid Cloud Computing. Hybrid Cloud Computing gives businesses the ability to incorporate Cloud Computing that fit within the company’s policies, yield the greatest return, competitive advantages, and reduce risks and limitations a traditional network has on businesses.

For some companies, Hybrid Cloud Computing may involve using Cloud Storage as seen in Cloud Computing for Disaster Recovery. Other companies will use Hybrid Cloud Computing to free up cash by not having to buy their own server and instead have a monthly agreement for a server to be physically at their office (yes in their building and not in a data center somewhere). In this Hybrid Computing Model, the company will pay a monthly fee which will often include the maintenance done on the server, technical support for the company, local and office backups of the server data. Data that is stored offsite by default is compressed and encrypted prior to sending the data offsite “in the cloud.”

Hybrid Cloud Computing where the Cloud Computing Company brings equipment to run at the businesses has some major advantages for businesses with minimal downsides.
The benefits of this type of Hybrid Cloud Computing model are:

  1. The business does not have to buy hardware such as servers.
  2. The Hybrid Cloud Computing service may be offered on a monthly basis.
  3. It gives businesses financial and operational flexibility.
  4. The equipment the Cloud Computing Company brings on premise uses technology to help ensure reliability to business operations.
  5. The Cloud Computing Company monitors the online backup service.
  6. The ability to quickly recover in the event of a disaster is improved.
  7. The Cloud Computing Company is responsible for keeping their equipment running.

What are the potential downsides of the Hybrid Cloud Computing when structured this way?

  1. Be sure to look at the Service Level Agreement (SLA) in these areas in particular, to make sure the terms are acceptable.
    1. What are the guaranteed response times for support?
    2. What is the recourse if the technical support is slower to respond than the SLA?
    3. Who is doing the support? If you are in the healthcare industry be sure they sign your Business Associate Agreement (BAA)
    4. What methods of support do they offer? Phone, remote, onsite (and the response time for each).
  2. The fault-tolerance of a full Cloud Computing structure is not obtained.
  3. The monthly service cost may be expensive.

Another popular Hybrid Cloud Computing Model is used in Cloud Computing for Disaster Recovery. This model leverages different components of Cloud Computing to support traditional network infrastructures. Instead of the Cloud Computing Company bringing equipment in for your business to run on, the Cloud Computing Company (or Managed Solutions Provider in this case) will bring in another system that will image (a virtual snapshot) the company’s server(s). Should the business’s servers fail, the Hybrid Cloud Computing equipment can load the last image, and in less than an hour, the business can have the full functionality of the original servers running even though they are down.

How much time is lost depends on how frequently the company images run. The smallest time frame is about every 15 minutes for an image. In addition, with this Hybrid Cloud Computing equipment in place, the business may opt to have the automatic online backup service used as well, which will compress, encrypt and store desired data or entire images online. This Hybrid Cloud Computing model is offered as a monthly service.