“There’s a limit to customization in the public Cloud before scalability breaks”
John Landau, Senior VP Global Managed Services, Tata Communications, talked to Jasmine Desai about how any business looking to move to the Cloud had to understand how best to take advantage of the new computing paradigm before diving in feet first
How can data breaches be reduced in a Cloud environment?
Whether it is a public, private or a hybrid Cloud, security is vital. The issues are similar in the case of both private and public Clouds. In IaaS or PaaS or any Cloud offering, the risk is not so much in the infrastructure layer as it is in the application layer. You must be cautious while architecting an application in terms of security, passwords, access rights etc. Sometimes, it could be that the application hasn’t been patched. It could be a poorly managed application that lacks access controls. The public Cloud looks more vulnerable because people access it over the Internet. You basically need to have a good Cloud security protocol. The challenge in the public Cloud is that it has to do with multi-tenancy. Therefore, if a neighboring application gets a huge amount of work traffic then it can jeopardize the performance of your application.
Can you suggest as to how applications can be monitored on the Cloud?
Cloud computing is virtualization with automation. Here, the physical location of an application can be shifted. Therefore, you have to have different types of monitoring at the software level. Some vendors have in-built passive or active agents that do this. In a virtualized environment, there may be a pool of thousands of servers and applications residing on them. The physical infrastructure does not really matter anymore but the monitoring of these stacks does. There are tools in the Cloud environment itself like CloudHarmony that one can utilize.
What should be taken care of while distributing workloads across a hybrid Cloud?
There are two types of hybrid Cloud. The hybrid Cloud that exists right now has different parts or tiers of an application distributed in public and private Cloud environments. The other type of hybrid Cloud is where you have a payroll or any e-commerce application in a private environment and it needs extra capacity for a couple of hours, days or weeks and you burst it into the public Cloud in order to gain that extra capacity. There will be lot of challenges in terms of how you maintain application security in such a scenario, how data is shared across applications etc.
The public Cloud, by definition, supports multi-tenancy. Therefore, there is a limit to the customization that can be done before it breaks scalability. When it comes to the public Cloud, it is like buying a commodity. What users are getting in SaaS, PaaS or IaaS are economies of scale deriving from an industrialized approach. If you truly customize it, then it will not work in a multi-tenant environment. It’s like adopting an ERP system. It can’t be customized for every organization. Certain processes within the organization have to change for it to adopt an ERP system. The Cloud has the exact same quality to it. However, this does mean that it negates working on SLAs. In fact, Cloud providers will do more in terms of supporting SLAs and offer an increased variety of SLAs. It will definitely add to the cost but it will also give the ability to organizations to access those SLAs. Nevertheless, providers will be bound by the fact that what they provide should be for everybody.
How can an organization make its Cloud initiative a success?
Any Cloud computing initiative is not so much complex as it is different. In some ways, it is a lot simpler e.g. DR or backup are much easier to do in a Cloud. However, to assure success organizations need to be cautious about their expectations. A trial should be undertaken before plunging straight into the implementation. You need to understand it in terms of what a potential Cloud service will and will not include. A trial is basically to evaluate if any changes from the process perspective need to be enabled. Once the testing is done, it can be incorporated for some time in a real environment and offered to end-users in a pilot. Then it can be taken into the production environment. The rule of thumb would be to go about it in a structured way, ask good questions, learn what you are using and to test it thoroughly.