Cloud technology intimidates many organizations. The mechanics of setting it up are very different from the traditional model.
Several companies offer services establishing and maintaining cloud architectures for their customers. Many people call these providers “cloud brokers.” To me, the term “cloud concierge” or “cloud butler” is far more descriptive. I guess I’m thinking of the inept and flustered Bertie Wooster, and his quietly omniscient and omnipotent butler Jeeves stepping in and setting things right. Or shimmering in, or wafting, or sliding, as Wodehouse variously described it.
Cycle Computing built a 30,472-core high-performance computing cluster that received a lot of attention after coverage in Wired and elsewhere. This was for a top-five pharmaceutical company that used it for the computationally expensive task of 3-D molecular modeling. It had 3,809 compute instances with eight CPU cores each, spread over three AWS regions to support provisioning nodes as needed. The cluster had 26.7 terabytes of RAM and 2 petabytes of disk space. This isn’t the only large-scale high-performance computing cluster built on EC2, and AWS isn’t saying whether it’s the largest or not.
This is interesting, but what does it have to do with security?
Potentially quite a bit.
Much of security comes down to simply getting a lot of mundane little details right. That isn’t the entire job, but it is the necessary foundation. Fundamental mistakes and oversights leave openings for attack and catastrophic self-inflicted data loss. You don’t have to be building an enormous cluster to need help. Your mistakes can lead to breaches or at least non-compliance.
The good news here is that while you have never deployed and configured this complex cloud-based architecture before, the right cloud concierge will have done this or something very similar hundreds of times already. (Obviously I’m assuming that you’re not starting with a 30,000-CPU cluster!)
The bad news for you when it comes to security audit time is that they handled it. Another organization had at least partial control of your systems, and there will have been some things (perhaps most of it) that you couldn’t even see happening. Also remember that not every butler is an all-powerful Jeeves!
One recent prominent failure happened after the City of Los Angeles wanted to move to Google Apps. It’s a big city, this would be an enormous project, so Los Angeles selected CSC as their concierge. Documents released in August 2011 showed that CSC had informed the city that they had not met and could not meet security requirements for the Los Angeles Police Department and other safety-related city departments. Google Apps lost part of the deal. LAPD, the Los Angeles Fire Department, portions of the city attorney’s office and other departments were removed from the contract.
The cloud can be very challenging. Help is available, but it requires turning over more control and visibility. What’s the right decision for you? Learning Tree’s course, Cloud Security Essentials, can help you to make the right decision.