Cloud availability trumps security concerns when it comes to Shadow IT

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

As pressure mounts to deliver value with ever-increasing speed, lines of business (LOB) are often drawn to cloud computing's ease of use, flexibility and rapid time-to-value. The resultant Shadow IT created by use of consumer-grade cloud computing resources usually raises questions about enterprise security, but the real risk is the potential for downtime due to inadequate availability.

Any interruption that impacts the customer experience will affect the bottom line -- and a company's reputation -- faster than you can say "temporarily unavailable."

So what can IT leaders do about it? With the cloud movement a foregone conclusion, how can they ensure the requisite availability standards are met -- and that their investments in availability are the right ones? There are five key success factors for addressing Shadow IT while ensuring availability in the cloud:

1. Think about which applications belong where. The first step is to know which applications make sense to deploy in the cloud and what their availability requirements are. Let's face it, not every application requires "nine nines" of availability. A basic collaboration tool can probably go down for a few minutes without bringing the business to a crashing halt. These applications may be just fine living in the public cloud because they have no special requirements for security, availability, or compliance. Mission-critical applications are a different story. Because these have strict requirements they are better suited to deployment in a private cloud, where you have greater control.


The goal is to balance the need for agility with the need to maintain appropriate levels of availability and security. Taking a "one size fits all" approach to availability can be extremely costly, while potentially leaving critical vulnerabilities. Analyzing your cost of downtime for specific apps, including cloud apps, is crucially important to ensure you're deploying them appropriately and making the right investments in availability.

2. Make availability understandable to the business. Ever feel like IT and the business are speaking different languages? Instead of getting frustrated that LOBs "don't get it," focus on helping business leaders understand how cloud availability impacts them. And listen carefully to what their needs are as they relate to flexibility and availability. Then work with LOBs to provide solutions that meet their business needs, while providing the level of availability required for specific applications. Here's where private clouds can be attractive, delivering the flexibility the business wants together with the control over availability that IT needs.

3. Read the fine print. With the rapid adoption of public cloud technologies there is no shortage of ambitious availability claims from mainstream vendors with familiar names. Unfortunately, many claims are more vapor than fact -- at least in terms of delivering true, mission-critical availability. It's wise to read the fine print in any public cloud vendor's service-level agreement. You may be surprised to find that some do not classify continuous outages as "downtime" unless they last 5 minutes or more. That means your application could go up and down all day long but, as long as it was not down for longer than 5 minutes at a time, they count that as 100% uptime. And if they do have an outage, all they offer is a 5% credit on your next bill for the server that was out.

The expectation of most public cloud providers is that your application needs to be constantly adjusting to their failures. This is exactly what led to the well-publicized Netflix outage last year. An entire Amazon region had availability issues and their expectation was that the individual customers needed to work around those failures. Better to have a solution that prevents failures from causing outages in the first place.
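To see how far an SLA figure can drift from what users experience under the 5-minute counting rule described in point 3, the following added example (not from the original article or any vendor) derives outages from an external probe log and reports both numbers. The one-minute probe interval, the function names and the sample day are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

SLA_MIN_OUTAGE = timedelta(minutes=5)  # shorter outages are not "downtime" under the SLA wording above
PROBE_INTERVAL = timedelta(minutes=1)  # assumption: one external health probe per minute

def build_probe_log(day_start, outage_specs):
    """Constructed sample data: 24 hours of probes, down at each (start_minute, length_minutes)."""
    down = set()
    for start, length in outage_specs:
        down.update(range(start, start + length))
    return [(day_start + i * PROBE_INTERVAL, i not in down) for i in range(24 * 60)]

def outages_from_probes(log):
    """Collapse runs of consecutive failed probes into (start, duration) outages."""
    outages, run_start, run_len = [], None, 0
    for ts, ok in log:
        if not ok:
            if run_start is None:
                run_start = ts
            run_len += 1
        elif run_start is not None:
            outages.append((run_start, run_len * PROBE_INTERVAL))
            run_start, run_len = None, 0
    if run_start is not None:  # log ended while still down
        outages.append((run_start, run_len * PROBE_INTERVAL))
    return outages

def availability(outages, window, min_counted=timedelta(0)):
    """Fraction of the window counted as up when outages shorter than min_counted are ignored."""
    counted = sum((d for _, d in outages if d >= min_counted), timedelta(0))
    return 1 - counted / window

def report(log):
    """Compare what the probes measured with what the SLA rule would count."""
    window = len(log) * PROBE_INTERVAL
    outages = outages_from_probes(log)
    return {
        "outages": len(outages),
        "measured": availability(outages, window),
        "sla_counted": availability(outages, window, SLA_MIN_OUTAGE),
    }

# Constructed day: twenty 4-minute blips, one per hour starting at 00:10, and no longer outage.
SAMPLE_LOG = build_probe_log(datetime(2015, 1, 1), [(h * 60 + 10, 4) for h in range(20)])

if __name__ == "__main__":
    r = report(SAMPLE_LOG)
    print(f"{r['outages']} outages, measured {r['measured']:.4%}, SLA-counted {r['sla_counted']:.4%}")
```

Feeding it your own probe history for a candidate provider shows whether the SLA's counting rule hides the kind of short, repeated interruptions your application cannot tolerate.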

4. Tap the advantages of OpenStack for private clouds. Many enterprises are building private clouds to achieve control for applications with security, availability and compliance requirements, which means making important decisions about which technology to build on. Implementing open source technology lets you avoid the dreaded "vendor lock-in" that can limit you down the road. OpenStack is emerging as the preeminent open source cloud computing platform. With broad industry support and open APIs, OpenStack offers greater flexibility to select the best-of-breed availability technologies that meet your needs -- including the new breed of software-defined availability (SDA) solutions. Why limit yourself to whatever the "closed solution" vendor may (or may not) provide? With OpenStack, you'll be able to keep your options open.

5. Keep an eye on the innovators. In a space moving as rapidly as cloud technology, there is tremendous innovation in the works -- including advances that offer exciting possibilities for private cloud availability. One such innovation on the horizon is technology that would enable selectable provisioning of availability on demand to ensure applications have the fault tolerance they need, when they need it.

For example, a financial application may only require the highest level of availability at the end of the month or quarter when the books are closing. Providing the highest fault tolerance during this timeframe, and lower fault tolerance the rest of the time, would be an efficient use of capacity while effectively managing business risk. Such an on-demand availability capability is not yet here. But it's coming.

The need to be more agile is driving LOBs to the cloud. The need to retain control over security and availability is driving IT organizations to deploy private clouds. By improving communication between LOBs and IT, by carefully evaluating real-world availability requirements, and by deploying the most flexible and open technologies, IT managers may just find a way to keep everyone happy.

Stratus Technologies is the leading provider of infrastructure-based solutions that keep applications running continuously in today's always-on world.


Stories by Dave LeClair, Senior Director of Strategy at Stratus Technologies
