Above the Clouds

Managing Risk in the World of Cloud Computing

Kevin T. McDonald

Above the Clouds: Managing Risk in the World of Cloud Computing acts as a primer and strategic guide to identify Cloud Computing best practices and associated risks, and reduce the latter to acceptable levels. From software as a service (SaaS) to replacing the entire IT infrastructure, the author serves as an educator, guide and strategist, from runway to getting the organization above the clouds. Valuable tips on how to choose your provider of Cloud Services are also offered.

If you have tried to hire any IT folks lately, you may notice that a) it is difficult to find and keep staff, and b) once you are staffed, they may not always be all that productive. Part of the reason is that the skill set required to put the average organization’s IT on the burner is so massive and complex, that the staff may only perform one or two of the critical functions on a monthly basis, not on a weekly basis, much less a daily basis. As a result, when you hear of a computer installation gone wrong or having to scratch something and start over “now that we have it right,” there is a common theme: core competencies.
You don’t develop competence by performing something every week or so. You have to live, sleep, eat and drink in a functional area before you can really take on the mantle of guru. So for the less frequently performed tasks, there is an assumption that the low-volume player will be outshone by the high-volume player, given the same game. Gurus get to be gurus by talent and training, not talent alone.
If you think of managing an IT system, the core issues are the same for every organization. If you have to upgrade a system from one version to another frequently, the next one starts to get a bit easier. If you are running the same application for multiple organizations, then you are likely to discover ways to run that application better. That leads to repeatability and, from the standpoint of Capability Maturity Model (CMM)® Integration, repeatability takes you up the scale of quality and reduces the risk of mistakes.
In the transportation business, a lorry driver who runs a dedicated route is less likely to have an accident. The reason is that by running the same route every day, the driver becomes familiar with the terrain.
The same principle applies to systems. The installation gets easier the second time through. If you have to install the same kind of system hundreds of times, the route is familiar and there are fewer reasons for errors.
There are equivalent dedicated runs in IT today. Each organization has things that they are great at and that they do all the time. There are other jobs they do less frequently. If we can focus on the functions they don’t have to be great at and that they perform less frequently, and there is a viable, externally available replacement service, this function may fall into the commodity functional level, ripe for outsourcing and perhaps moving to the Cloud.

Renting versus owning infrastructure

How many times have you purchased a PC, a laptop or even a cell phone, only to find something similar with more features, better performance and lower cost within a few months or even weeks of purchase?
Moore’s law postulates that processing power doubles every 18 months. Based on this premise, why are we investing in infrastructure on a three- or four-year cycle that will be outdated in 18 months?
This question is complicated by the fact that an IT department doesn’t just buy one box; they buy hundreds or thousands at a time, every one exhibiting the same sort of ticking infrastructure countdown.
The staff levels, the support applications and hardware deployed to support equipment and infrastructure are growing right along with the number of boxes an organization supports.
Another issue to consider is depth on the bench. If your organization has one really good server lead person, what happens if that one leaves or gets sick? Maybe you hire a second server person as a backup. But now, with two individuals doing the same function, they may not have the volume to stay busy 100% of the time. So you give one of them 75% servers and 25% help desk support.
Small to medium-sized businesses can’t keep up with this model so they frequently augment staff with contractor support. No issue here except you have just backed into a shared service model. The contractor resources are no longer dedicated staff. They can provide surge support but may not be available full time.
Contrasting these challenges with Cloud infrastructure, the boxes are set up in real time. There is no upfront capital expense. If a server fails, the Cloud provider takes care of any hardware issues at their end and will have the capacity to immediately stage replacement equipment without the weeks to months of lead time associated with a capital infrastructure investment.


When infrastructure owners need more equipment, they have to make sure they have the people, space and power to support it. Then starting from a plan, they go to budget, purchase authorization, order, track, installation, payment and operations.
In the Cloud realm, you sign up for an account, specify resources needed, order, and within minutes the server is available. The server provisioning creates a rental or chargeback ticket and you’re done.
The heaviest part of the physical infrastructure bother – the staff requirements, perhaps a bit of the technological risk, and that the next best thing will be half again as expensive – has been effectively bottled.
From this, I hope it is clear why the Cloud seems to be gaining momentum. As they say, the devil is in the details, so there are some caveats and there are as many alternate paths to this utopian ideal as there are paths to the dystopian depths. So let’s see how to find the right path, shall we?

The larger they are, the less likely they are to fall

This may be a bit of a surprise, but the bigger the organization, the less they may benefit from outsourcing their services, since larger organizations have purchasing power and internal production costs that approach or even surpass all but the largest Cloud service providers.
Smaller organizations may not have the inherent staff and controls to duplicate a Cloud environment in-house cost-effectively. There is also a risk that the internal staff may not be able to master the Cloud technology without some training and outside assistance.
In a larger organization, there are still benefits from adopting Cloud architecture, also referred to as a private Cloud. There are still economies and efficiencies to be gained from consolidating workload and reducing the time from initiation to deployment. In some cases, by using Cloud provisioning techniques, organizations are reporting a four-month gain in productivity over previous methods.
The majority of these gains are likely to be from two sources, one being the use of virtualization to create virtual copies of physical servers. The virtual copy works the same as a physical server; it has the same interfaces and capabilities. The difference is that the virtual server is one of dozens of similar servers running on a single physical device.
The other is the elimination of procurement for a single device. Since centralized procurement of the hosting physical server is already complete, a request for a virtual server can be handled similarly to a request for a new user ID or an e-mail account; no funds have to change hands, everything happens in cyberspace and it is only the delay from a provisioning standpoint that has any effect on the process.

Going virtual

Virtualization technology is still relatively new as commercial off-the-shelf software. It is getting easier to deploy, but professional services companies exist for a reason. If your organization does not have the staff training and skill set, it might be better to bring in some experienced consulting staff to oversee installation of a private Cloud environment or help configure and integrate a public Cloud environment.

Cloud platforms and rapid system prototyping

The benefit of this rapid provisioning in Cloud environments can be seen very clearly in the ability to set up a test system rapidly and in isolation from the corporate network. Testing is seen as onerous by some programmers, so the easier you make it for them to start and document their testing, the easier it is for the organization to mandate compliance.
The cost of providing hardware for the developers can be much less expensive in a Cloud environment. Systems can be configured, used for a time and then the resources dissolved back into the Cloud once the project is completed. There is no capital expense, and rapid configuration can shave weeks or months off costs by eliminating hardware procurement and replacing it with a metered utility Cloud platform rental model that may be pre-approved for an operational surge in capacity requirements.
Partially configured test systems have been used to attack corporate networks. Since they may be connected prior to being completely configured, they may be vulnerable to attack and can get infected by malware. If the infection is undetected, the system can be used as a launching pad for other attacks on the network. By loading test systems off “gold” copy images of the corporate operating system, the servers already have the required patches installed and are less vulnerable to attack.
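The control described above can be enforced as an inventory audit. The sketch below is an added example, not taken from the book: it flags test systems that are attached to the corporate network without having been built from an approved gold image or before configuration is complete. The image names, the inventory records, the `LabSystem` fields and the 45-day image age limit are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Constructed data: approved gold images and the date each was last patched.
GOLD_IMAGES = {
    "gold-linux-2024-05": date(2024, 5, 1),
    "gold-linux-2024-01": date(2024, 1, 10),
}
MAX_IMAGE_AGE_DAYS = 45  # assumed policy: gold images are rebuilt at least this often

@dataclass
class LabSystem:
    name: str
    image: str              # image the system was provisioned from
    config_complete: bool   # configuration and hardening finished
    on_corp_network: bool   # currently attached to the corporate network

def findings(vm, today):
    """Reasons this system should not be reachable from the corporate network."""
    reasons = []
    patched = GOLD_IMAGES.get(vm.image)
    if patched is None:
        reasons.append("not built from an approved gold image")
    elif (today - patched).days > MAX_IMAGE_AGE_DAYS:
        reasons.append("gold image patches are stale")
    if not vm.config_complete:
        reasons.append("configuration incomplete")
    return reasons

def audit(inventory, today):
    """Return {name: reasons} for network-attached systems with findings."""
    report = {}
    for vm in inventory:
        if not vm.on_corp_network:
            continue  # isolated test systems are out of scope for this check
        reasons = findings(vm, today)
        if reasons:
            report[vm.name] = reasons
    return report

# Constructed inventory for illustration.
INVENTORY = [
    LabSystem("build-01", "gold-linux-2024-05", True, True),
    LabSystem("qa-07", "vendor-iso-manual", False, True),
    LabSystem("perf-03", "gold-linux-2024-01", True, True),
    LabSystem("scratch-11", "vendor-iso-manual", False, False),
]

if __name__ == "__main__":
    for name, reasons in audit(INVENTORY, date(2024, 5, 20)).items():
        print(f"{name}: {'; '.join(reasons)}")
```
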

Consolidating low-use applications

If there are low-use applications that require a server, but may not require all of the resources, they can now be consolidated onto one system that is divided into sections called virtual machines.
Each virtual machine will perform and appear in the system environment to be the same as a unique physical server. The difference is that the virtual machine can be started up and taken down without affecting the operation of the physical machine.
Instead of a dedicated server running all the time in a wiring closet, the application can sleep away waiting for the uptick in demand to awaken a call for more resources. In the meantime, other servers with more pressing demands ...
