Cloud computing, especially public cloud infrastructure-as-a-service is not yet a reality for the vast majority of companies. Recent announcements however, from VMware, Citrix and Oracle clearly show that enterprise cloud computing is gaining momentum.
Security absurdity: U.S. in sensitive information quagmire
In 2010, 9% of companies are currently using or evaluating IaaS, with many more planning deployments for 2011 and 2012. Even though 62% of companies trust IaaS mostly for development and testing applications for now, only 14% trust it for customer-facing Web applications. What's standing in the way of IaaS adoption? Security is the biggest challenge, by a factor of two over all other reasons cited in our research.
Security professionals say that the lack of visibility and control over public cloud infrastructure makes it hard to apply security controls, monitoring, audit and assurance. One of the key services missing from public cloud is centralized, secure and reliable logging. IaaS computing is in many ways a DIY model: you have to design, build, secure and operate each operating system image yourself. Over time, IaaS providers have gradually built more and more platform services that extend the basic CPU-and-storage-on-demand offering. Unfortunately, no one, to my knowledge, is yet offering a logging-as-a-service to complement an IaaS solution.
Log management is hard enough in your own data center. Doing it in a public cloud poses additional unique difficulties. First, there's the issue of ephemeral virtual machines: as virtual machines are turned up and down, their logs need to persist long after the machines disappear. The second problem is deciding where to put the log collection server or servers. If the log collector servers are themselves in the cloud then there is a risk that a failure or outage affecting the production servers will also compromise the log servers leaving no logs to troubleshoot. Conversely, if you backhaul all the logs out of the public cloud and back in to your own data center, you have to consider bandwidth capacity and costs.
To Continue Reading: Click Here
---------------------------------------------------
Source: Network World
By: Andreas M. Antonopoulos
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment