Open-source cloud computing offers compelling potential—cost savings, innovation, low barriers to software deployment, avoiding vendor lock-in and a broad community of support, to name a few.
Despite this, CIOs and IT executives still have misconceptions about the challenges surrounding open-source cloud technologies, such as a perceived lack of security or the potential inability to handle business-critical applications.
We’re here to address these perceptions in a five-part series to show that these myths are just that: misconceptions about open-source cloud.
First up, the lack of security. The idea here is that there’s inadequate security with cloud computing in general. For several years, concerns about security have kept a large number of organizations from moving data and workloads to the cloud, particularly public cloud services.
The fact that some services use infrastructure that’s shared among a number of customers creates a concern that data from one organization will somehow be exposed to or accessed by others. And the idea of storing information on a service provider’s servers, vulnerable to whatever weaknesses the service provider’s infrastructure might have, makes some companies think this is too much of a corporate risk.
IT departments have multiple cloud deployment options to choose from – private clouds, public clouds and managed private clouds. IT organizations are best served by embracing multiple deployment models, with the appropriate security level in mind. For example, mission-critical workloads containing sensitive data are best suited for private and managed private clouds.
With open-source cloud computing, there is a stereotype that these products and services are being created by amateur developers who are not skilled enough to build enterprise-grade security into the software they are developing.
On the contrary, open-source cloud computing products are designed from the outset with security in mind. For example, there are features such as identity management to monitor who has access to content, and data encryption to safeguard information while it’s at rest or in transit.
Furthermore, open-source cloud software is peer-reviewed by community participants, leading to continuous improvements in the quality of security features and mechanisms. This community also monitors and rapidly discloses vulnerabilities and issues, and provides security updates to address them.
It’s important to keep in mind that much of security involves using common sense and ensuring that users follow security policies and procedures. For instance, application developers should use Transport Layer Security (TLS), a cryptographic protocol designed to secure communications over networks.
Managers need to emphasize that information security is the responsibility of everyone in the organization, including developers, network administrators, support personnel, managers and end users. Cloud development and use today involves virtually everyone across the enterprise. In other words, security is everyone’s job.
That also extends to the relationship between the cloud provider and buyer. CIOs and their vendors must understand the security roles and responsibilities and to whom they belong.
Research from International Data Corp. (IDC) released earlier in 2015 showed that many organizations expect to rely on hybrid cloud architectures, and that open hybrid cloud will become the de facto enterprise IT architecture.
In deciding where to run workloads within these hybrid environments, the IDC report noted that security, as well as cost and application support, will drive cloud workload placement choices among companies. Security, user access controls and regulatory compliance policies were among the factors deemed most important by organizations when looking at the cloud.
There’s a huge difference, though, between taking steps to ensure security with open-source cloud initiatives and writing them off because of perceived security vulnerabilities that can’t be overcome. Rather than give in to the myth, IT decision makers need to be open-minded about open-source cloud, and determine which deployment model – public, private or managed private cloud – makes the most sense for a particular workload or use case.