What if you want to use the cloud for a DR site? What are the security issues? Some quick thoughts:
Document your own security requirements and audit yourself against them (do you live up to your own standards?), then publish those requirements to see whether a “cloud” or even a hosted solution can meet them.
I think that virtualized networking and security tools should allow one to build a self-contained virtual infrastructure that can be portable: move it from one site to another and preserve a secure perimeter, regardless of the physical infrastructure provider (another private datacenter, a managed hosting operation or a “cloud”). If that is the case, the security SLA of the cloud provider becomes less of an issue.
One example is a newer class of storage technology that encrypts data before it is written to storage, independently of whatever encryption the storage provider offers. What if the provider's key is compromised? No problem, if the data was already encrypted as it was written to the “cloud” disk…
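To make the encrypt-before-write idea concrete, here is an added example (not code from the original post or from any storage vendor) in Go. It models the provider's storage as a plain key/value blob store that returns exactly the bytes it was given, and wraps it in a tenant-side layer that seals every object with AES-256-GCM under a key the tenant holds. The blob-store type, the 32-byte key size, the `nonce || ciphertext || tag` layout and the use of the object name as associated data are all assumptions of this example, not anything the post specifies.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// blobStore models a cloud block/object store as the provider sees it:
// whatever bytes the tenant writes are exactly what the provider can read.
// (Constructed stand-in for a real provider API; not any vendor's SDK.)
type blobStore struct {
	objects map[string][]byte
}

func newBlobStore() *blobStore { return &blobStore{objects: map[string][]byte{}} }

func (s *blobStore) put(name string, data []byte) { s.objects[name] = append([]byte(nil), data...) }

func (s *blobStore) get(name string) ([]byte, bool) {
	d, ok := s.objects[name]
	return d, ok
}

// encryptingStore wraps a blobStore and applies AES-256-GCM with a tenant-held key
// before any byte reaches the provider. The object name is bound as associated data,
// so a ciphertext copied to a different name fails to decrypt.
type encryptingStore struct {
	backend *blobStore
	aead    cipher.AEAD
}

func newEncryptingStore(backend *blobStore, key []byte) (*encryptingStore, error) {
	if len(key) != 32 { // assumption: AES-256 keys only
		return nil, errors.New("tenant key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &encryptingStore{backend: backend, aead: aead}, nil
}

// Put encrypts plaintext and hands only the sealed bytes to the provider.
func (e *encryptingStore) Put(name string, plaintext []byte) error {
	nonce := make([]byte, e.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	// Stored layout: nonce || ciphertext || GCM tag.
	sealed := e.aead.Seal(nonce, nonce, plaintext, []byte(name))
	e.backend.put(name, sealed)
	return nil
}

// Get fetches the sealed bytes and verifies/decrypts them with the tenant key;
// any tampering or a name mismatch surfaces as an error, never as bad data.
func (e *encryptingStore) Get(name string) ([]byte, error) {
	sealed, ok := e.backend.get(name)
	if !ok {
		return nil, errors.New("object not found")
	}
	ns := e.aead.NonceSize()
	if len(sealed) < ns+e.aead.Overhead() {
		return nil, errors.New("stored object too short to be valid")
	}
	nonce, ct := sealed[:ns], sealed[ns:]
	return e.aead.Open(nil, nonce, ct, []byte(name))
}

// providerSeesPlaintext reports whether the bytes the provider holds for name
// contain the plaintext, i.e. whether a compromised provider-side key or an
// insider with raw disk access would learn anything from the stored object.
func providerSeesPlaintext(s *blobStore, name string, plaintext []byte) bool {
	d, ok := s.get(name)
	return ok && bytes.Contains(d, plaintext)
}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	provider := newBlobStore()
	tenant, err := newEncryptingStore(provider, key)
	if err != nil {
		panic(err)
	}
	secret := []byte("DR replica: customer ledger 2024-Q1") // constructed sample payload
	if err := tenant.Put("dr/ledger.db", secret); err != nil {
		panic(err)
	}
	fmt.Println("provider can read plaintext:", providerSeesPlaintext(provider, "dr/ledger.db", secret))
	got, err := tenant.Get("dr/ledger.db")
	fmt.Printf("tenant reads back: %q err=%v\n", got, err)
}
```

The point the post makes falls out of the design: the provider only ever holds ciphertext, so the strength of its own at-rest encryption and the safety of its key stop being the tenant's problem, while the GCM tag and the name binding mean a replica that has been altered or shuffled at the provider is rejected on read rather than silently restored.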
I am thinking about a vision of a fully virtualized datacenter, including networking and security, that would allow it to be moved from site to site and preserve all elements no matter where it was moved to. This would be a sort of virtualized “pod” or “datacenter on wheels”. The wheels, in this case, would be the internet.
The portable (or virtualized) datacenter has its routing, switching, firewalls, IDS, load balancing, servers and storage self-contained in the “trailer”. All the owner of this mobile datacenter would need is a place to park it (the Cloud), a connection to the internet and power.
So, if Altor (or something competitive), in combination with Cisco/Juniper virtual switches and VMware tools (vShield?), can provide that capability, does the detail of the Cloud hosting provider matter (as much)? When I deployed infrastructure building blocks to AT&T datacenters, I built my own network and firewall, and didn’t rely on AT&T to do that for me. What is the difference here? All I was concerned with in Secaucus or Watertown, with AT&T, was physical security. All datacenters meet that basic requirement, and all the tenants use the POP at the datacenter, but they all have separate, self-contained networks for their applications.
Agree, disagree?