Phasing Applications Into the Public Cloud
Where does a 500-million-dollar, mid-sized company go to implement cloud computing? Where should they begin? How should a company phase its deployment in order to reduce risks?
Wed, January 19, 2011
First, let's focus on a global law firm. Most law firms have similar business applications, so a public cloud provider could address this niche for law firms around the globe. What should they outsource first? I'll outline five deployment phases related to risk and information security. The five include network infrastructure, disaster recovery infrastructure, remote offices, core law applications, and critical sensitive data applications.
Also see our cloud security survival guide
Often the first deployment phase -- network connectivity -- is already outsourced to what could be called a cloud provider. The companies' network connectivity to the main data center (where the law web applications are hosted on web servers) is hosted by one network provider such as AT&T. Their second backup provider may be Verizon (VZ). The network connectivity to all of the law offices is also provided by AT&T and/or Verizon.
Phase 2 should focus on outsourcing the functions that are critical for disaster recovery of the main data center. This architecture could be deployed at a disaster recovery site in another major city where it can be tested to make sure it covers all business critical functions. The cloud provider needs to be checked to see if they support these functions so that you can be assured that a disaster is addressed well and that your phase 3 migration will go well. What components belong in phase 2?
The following components are needed to serve all of the future phases of recovery. The encryption host is currently housed on separate servers and is used to encrypt disaster recovery sensitive data on the main SAN and NAS storage subsystems. The LDAP host defines end user role-based access to systems and applications. Network management systems are used to monitor up-time of the various data center systems. Email applications are needed for managing global email. A firewall protects web traffic from internet attack. Application software update tools enable corporations to update critical application features in a controlled fashion. Load balancers are needed to evenly distribute web traffic to various web servers that serve various web applications. Web servers host critical business applications: word processing, spreadsheets, presentations, and law applications. A simple SAN and/or NAS storage subsystem is needed to support only the critical phase 2 disaster recovery systems.