Virtualisation and the cloud have already had a major impact on compute and storage strategies, where recently we have seen infrastructure becoming more intelligent in its ability to adapt to technology innovation. Kevin Krige, Cloud Solutions Specialist, BT in Africa on what to ask an IaaS provider.
If we consider how competitive business environments have become – given digital transformation and the need for constant innovation – the on-demand scalability that comes with Infrastructure as a Service (IaaS) is now providing even greater flexibility and agility as a response to changing business opportunities and requirements.
While we are certainly seeing more enterprises move towards the pay-as-you-go cloud infrastructure service model that IaaS makes available, enterprises should look to partner with an established and reputable provider who is able to offer advanced IaaS capability. For instance, IaaS should allow the enterprise to use virtual machines to create data networks to manage their own, for example, servers, data storage, security and software to hardware, bandwidth and more, all from the cloud.
Of course, choosing the right provider, and agreeing on the contractual terms to manage security, is also fundamental to ensuring data protection. With this in mind, however, any enterprise considering cloud-based services and solutions should reflect the following questions – so as to better understand who needs to take ultimate responsibility for security:
Who’s really responsible for my data?
The short answer is, the client/enterprise is. As the owner, it is their responsibility, and not that of the IaaS provider to secure their clients’ data.
Where’s my data?
Although it’s in the cloud, it must also reside in a physical location. This must be discussed with the IaaS provider as to which country/countries the data will reside in – and businesses should be aware that different countries have different requirements and controls placed on access.
Who has access to my data and my code?
Insider attacks are a huge risk, and a potential hacker can be someone with approved access to the cloud. The client/enterprise will need to know who will be managing their data and the types of control applied to these individuals.
What is the current maturity and long-term viability of my chosen provider?
How long have they been in business? What’s their track record? Are they operationally effective and secure? If they go out of business, what happens to the data?
What happens if there’s a security breach?
What support will the client/enterprise receive from the IaaS provider?
What is the disaster recovery/business continuity plan?
The data is physically located somewhere, and all physical locations face threats such as fire, storms, natural disasters, and loss of power, for example. It’s therefore important for a client/enterprise to understand how their chosen provider will respond, and what guarantee of continued services they promise.
The conversations and discovery that needs to underpin any decisions about cloud and IaaS must be in-depth and are far more wide-ranging than those needed previously. But the rewards on offer are huge. Businesses now can create a network infrastructure that will flex and grow with them, capable of being used for many different purposes as the business evolves. Any investment made will bring value to the business – today and well into the future.