eBook - ePub
Above the Clouds
Managing Risk in the World of Cloud Computing
Kevin T. McDonald
This is a test
Partager le livre
- 166 pages
- English
- ePUB (adapté aux mobiles)
- Disponible sur iOS et Android
eBook - ePub
Above the Clouds
Managing Risk in the World of Cloud Computing
Kevin T. McDonald
DĂ©tails du livre
Aperçu du livre
Table des matiĂšres
Citations
Ă propos de ce livre
Above the Clouds: Managing Risk in the World of Cloud Computing acts as a primer and strategic guide to identify Cloud Computing best practices and associated risks, and reduce the latter to acceptable levels. From software as a service (SaaS) to replacing the entire IT infrastructure, the author serves as an educator, guide and strategist, from runway to getting the organization above the clouds. Valuable tips on how to choose your provider of Cloud Services are also offered.
Foire aux questions
Comment puis-je résilier mon abonnement ?
Il vous suffit de vous rendre dans la section compte dans paramĂštres et de cliquer sur « RĂ©silier lâabonnement ». Câest aussi simple que cela ! Une fois que vous aurez rĂ©siliĂ© votre abonnement, il restera actif pour le reste de la pĂ©riode pour laquelle vous avez payĂ©. DĂ©couvrez-en plus ici.
Puis-je / comment puis-je télécharger des livres ?
Pour le moment, tous nos livres en format ePub adaptĂ©s aux mobiles peuvent ĂȘtre tĂ©lĂ©chargĂ©s via lâapplication. La plupart de nos PDF sont Ă©galement disponibles en tĂ©lĂ©chargement et les autres seront tĂ©lĂ©chargeables trĂšs prochainement. DĂ©couvrez-en plus ici.
Quelle est la différence entre les formules tarifaires ?
Les deux abonnements vous donnent un accĂšs complet Ă la bibliothĂšque et Ă toutes les fonctionnalitĂ©s de Perlego. Les seules diffĂ©rences sont les tarifs ainsi que la pĂ©riode dâabonnement : avec lâabonnement annuel, vous Ă©conomiserez environ 30 % par rapport Ă 12 mois dâabonnement mensuel.
Quâest-ce que Perlego ?
Nous sommes un service dâabonnement Ă des ouvrages universitaires en ligne, oĂč vous pouvez accĂ©der Ă toute une bibliothĂšque pour un prix infĂ©rieur Ă celui dâun seul livre par mois. Avec plus dâun million de livres sur plus de 1 000 sujets, nous avons ce quâil vous faut ! DĂ©couvrez-en plus ici.
Prenez-vous en charge la synthÚse vocale ?
Recherchez le symbole Ăcouter sur votre prochain livre pour voir si vous pouvez lâĂ©couter. Lâoutil Ăcouter lit le texte Ă haute voix pour vous, en surlignant le passage qui est en cours de lecture. Vous pouvez le mettre sur pause, lâaccĂ©lĂ©rer ou le ralentir. DĂ©couvrez-en plus ici.
Est-ce que Above the Clouds est un PDF/ePUB en ligne ?
Oui, vous pouvez accĂ©der Ă Above the Clouds par Kevin T. McDonald en format PDF et/ou ePUB ainsi quâĂ dâautres livres populaires dans Computer Science et Cyber Security. Nous disposons de plus dâun million dâouvrages Ă dĂ©couvrir dans notre catalogue.
Informations
Sujet
Computer ScienceSous-sujet
Cyber SecurityCHAPTER 1:
SETTING COURSE TO THE CLOUDS
If you have tried to hire any IT folks lately, you may notice that a) it is difficult to find and keep staff, and b) once you are staffed, they may not always be all that productive. Part of the reason is that the skill set required to put the average organizationâs IT on the burner is so massive and complex, that the staff may only perform one or two of the critical functions on a monthly basis, not on a weekly basis, much less a daily basis. As a result, when you hear of a computer installation gone wrong or having to scratch something and start over ânow that we have it right,â there is a common theme: core competencies.
You donât develop competence by performing something every week or so. You have to live, sleep, eat and drink in a functional area before you can really take on the mantle of guru. So for the less frequently performed tasks, there is an assumption that the low-volume player will be outshone by the high-volume player, given the same game. Gurus get to be gurus by talent and training, not talent alone.
If you think of managing an IT system, the core issues are the same for every organization. If you have to upgrade a system from one version to another frequently, the next one starts to get a bit easier. If you are running the same application for multiple organizations, then you are likely to discover ways to run that application better. That leads to repeatability and, from the standpoint of Capability Maturity Model (CMM)Âź Integration, repeatability takes you up the scale of quality and reduces the risk of mistakes.
In the transportation business, a lorry driver who runs a dedicated route is less likely to have an accident. The reason is that by running the same route every day, the driver becomes familiar with the terrain.
The same principle applies to systems. The installation gets easier the second time through. If you have to install the same kind of system hundreds of times, the route is familiar and there are fewer reasons for errors.
There are equivalent dedicated runs in IT today. Each organization has things that they are great at and that they do all the time. There are other jobs they do less frequently. If we can focus on the functions they donât have to be great at and that they perform less frequently, and there is a viable, externally available replacement service, this function may fall into the commodity functional level, ripe for outsourcing and perhaps moving to the Cloud.
Renting versus owning infrastructure
How many times have you purchased a PC, a laptop or even a cell phone, only to find something similar with more features, better performance and lower cost within a few months or even weeks of purchase?
Mooreâs law postulates that computing performance would double processing power every 18 months. Based on this
ÂźCMM is registered in the US Patent and Trademark Office by Carnegie Mellon University.
premise, why are we investing in infrastructure on a three-or four-year cycle that will be outdated in 18 months?
This question is complicated by the fact that an IT department doesnât just buy one box; they buy hundreds or thousands at a time, every one exhibiting the same sort of ticking infrastructure countdown.
The staff levels, the support applications and hardware deployed to support equipment and infrastructure are growing right along with the number of boxes an organization supports.
Another issue to consider is depth on the bench. If your organization has one really good server lead person, what happens if that one leaves or gets sick? Maybe you hire a second server person as a backup. But now, with two individuals doing the same function, they may not have the volume to stay busy 100% of the time. So you give one of them 75% servers and 25% help desk support.
Small to medium-sized businesses canât keep up with this model so they frequently augment staff with contractor support. No issue here except you have just backed into a shared service model. The contractor resources are no longer dedicated staff. They can provide surge support but may not be available full time.
Contrasting these challenges with Cloud infrastructure, the boxes are set up in real time. There is no upfront capital expense. If a server fails, the Cloud provider takes care of any hardware issues at their end and will have the capacity to immediately stage replacement equipment without the weeks to months of lead time associated with a capital infrastructure investment.
Scalability
When infrastructure owners need more equipment, they have to make sure they have the people, space and power to support it. Then starting from a plan, they go to budget, purchase authorization, order, track, installation, payment and operations.
In the Cloud realm, you sign up for an account, specify resources needed, order, and within minutes the server is available. The server provisioning creates a rental or chargeback ticket and youâre done.
The heaviest part of the physical infrastructure bother â the staff requirements, perhaps a bit of the technological risk, and that the next best thing will be half again as expensive â has been effectively bottled.
From this, I hope it is clear why the Cloud seems to be gaining momentum. As they say, the devil is in the details, so there are some caveats and there are as many alternate paths to this utopian ideal as there are paths to the dystopian depths. So letâs see how to find the right path, shall we?
The larger they are, the less likely they are to fall
This may be a bit of a surprise, but the bigger the organization, the less they may benefit from outsourcing their services, since larger organizations have purchasing power and internal production costs that approach or even surpass all but the largest Cloud service providers.
Smaller organizations may not have the inherent staff and controls to duplicate a Cloud environment in-house cost-effectively. There is also a risk that the internal staff may not be able to master the Cloud technology without some training and outside assistance.
In a larger organization, there are still benefits from adopting Cloud architecture, also referred to as a private Cloud. There are still economies and efficiencies to be gained from consolidating workload and reducing the time from initiation to deployment. In some cases, by using Cloud provisioning techniques, organizations are reporting a four-month gain in productivity over previous methods.
The majority of these gains are likely to be from two sources, one being the use of virtualization to create virtual copies of physical servers. The virtual copy works the same as a physical server; it has the same interfaces and capabilities. The difference is that the virtual server is one of dozens of similar servers running on a single physical device.
The other is the elimination of procurement for a single device. Since centralized procurement of the hosting physical server is already complete, a request for a virtual server can be handled similarly to a request for a new user ID or an e-mail account; no funds have to change hands, everything happens in cyberspace and it is only the delay from a provisioning standpoint that has any effect on the process.
Going virtual
Virtualization technology is still relatively new as commercial off-the-shelf software. It is getting easier to deploy, but professional services companies exist for a reason. If your organization does not have the staff training and skill set, it might be better to bring in some experienced consulting staff to oversee installation of a private Cloud environment or help configure and integrate a public Cloud environment.
Cloud platforms and rapid system prototyping
The benefit of this rapid provisioning in Cloud environments can be seen very clearly in the ability to set up a test system rapidly and in isolation from the corporate network. Testing is seen as onerous by some programmers, so the easier you make it for them to start and document their testing, the easier it is for the organization to mandate compliance.
The cost of providing hardware for the developers can be much less expensive in a Cloud environment. Systems can be configured, used for a time and then the resources dissolved back into the Cloud once the project is completed. There is no capital expense, and rapid configuration can shave weeks or months off costs by eliminating hardware procurement and replacing it with a metered utility Cloud platform rental model that may be pre-approved for an operational surge in capacity requirements.
Partially configured test systems have been used to attack corporate networks. Since they may be connected prior to being completely configured, they may be vulnerable to attack and can get infected by malware. If the infection is undetected, the system can be used as a launching pad for other attacks on the network. By loading test systems off âgoldâ copy images of the corporate operating system, the servers already have the required patches installed and are less vulnerable to attack.
Consolidating low-use applications
If there are low-use applications that require a server, but may not require all of the resources, they can now be consolidated onto one system that is divided into sections called virtual machines.
Each virtual machine will perform and appear in the system environment to be the same as a unique physical server. The difference is that the virtual machine can be started up and taken down without affecting the operation of the physical machine.
Instead of a dedicated server running all the time in a wiring closet, the application can sleep away waiting for the uptick in demand to awaken a call for more resources. In the meantime, other servers with more pressing demands ...