Thoughts on British ICT, energy & environment, cloud computing and security from Memset's MD
While adoption of cloud computing has grown rapidly in the last year, many IT directors remain wary of moving company information and communications to the public cloud. “Hybrid cloud” services are aimed at addressing those fears by giving some of cost and performance benefits of public cloud but without giving up trusted data. “Public”, “Private”, “Hybrid” and “Community” are all deployment models of cloud computing. In this article I am mainly focusing on just one of the service models, infrastructure as a service (IaaS). For more background on what services models mean see, “What is cloud computing?”
How Does Hybrid Cloud Work?
People often mean or think of cloud bursting when they say “hybrid cloud’ but the definition is actually much broader. NIST’s technical definition of hybrid cloud is as follows:
The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
For most practical purposes hybrid cloud is where an organisation uses in-house resources (computing, storage, etc) together with external third-party cloud resources either on a continuous basis or in the form of a ‘cloudburst’ when their load peaks beyond the capacity of your internal resources.
Therein lies the problem; if you can allow an application to burst into a public cloud provider’s infrastructure then it clearly is of a sufficiently low security level that you may as well use public cloud alone, since that will always be cheaper than a private cloud thanks to economies of scale.
Further, if you are using a private cloud for hosting an application then you are presumably doing so since you need to have private, dedicated infrastructure for that application due to its latency or security requirements, which would preclude it being allowed to burst into public infrastructure.
Even if the data is encrypted on-disk it must be decrypted to be used, and even if only done in RAM you are still potentially susceptible to prying eyes if you don’t trust your provider, so that does not help to actually exploit hybrid cloud.
Why use Private Cloud?
The eventual goal for organisations should be to move everything into the public cloud to leverage the greatest benefits. Public cloud services will ultimately be cheaper and more resource-efficient than private since you are then accessing the economies of scale of the provider and are able to mitigate peak-load requirements thanks to the shared infrastructure, analogous to how the electricity power grid operates.
But in the short term some companies do not trust public cloud services for a range of reasons: wariness of virtualisation as an adequate segregation layer – an unwarranted concern in my view; a requirement need to ensure that their data remains in a known location, eg. for UK data protection; or a requirement that only certain people have access to the data – as any systems administrator knows, if you have physical access to a machine then you have access to the data on it.
That is where private cloud comes in. There are two sorts of private cloud: 1) on-premise private cloud – essentially a company’s own data centre with some cloud technologies deployed; 2) off-premise private cloud – cloud infrastructure (servers, storage and network) physically dedicated to that one client but in a third party’s data centre.
However, all those security issues can be trivially addressed, even in the public cloud. In 9 years we have had no security breaches of our virtualisation layer, despite numerous attempts; we are an entirely British company; all our staff are background checked and we monitor all access to customer servers by staff – this all backed up and audited under our ISO27001 certification.
We are just one of a number of companies who can address these issues, but unfortunately, I believe a lot of companies are being hoodwinked into buying expensive private cloud solutions for the wrong reasons, sometime just by unscrupulous vendors, but also often by CTOs trying to maintain their mini-empire in the face of outsourcing to low-cost utility computing providers.
Let’s face it; there are very few applications outside government and a few specialist industries such as finance and pharmaceuticals which need to be hosted in-house, and hypervisor virtualisation and cloud storage systems have shown itself to be a sufficiently secure containment / separation mechanism for most purposes.
In fact, the UK government has recently stated its intent to host up to impact level 2 data (impact levels are a measure of data sensitivity, the scale runs from 0-6) with public cloud providers using hypervisors as the segregation layer – ie. their data and applications will be on the same physical hosts as other customers. For the time being there will be some companies that insist on private cloud as part of their mix, but want some public cloud benefits, so we have “hybrid cloud”.
Is Hybrid Cloud A Myth?
When considering the correct deployment model the individual data sets and applications need to be considered separately. Some will be suitable for public cloud and the more sensitive may need to be hosted on a private cloud. The two do not mix – by their very nature they need to be segregated, since applications that need to be hosted on a private cloud environment should not be co-located on the same hardware lower security applications.
It sounds like I’m saying hybrid cloud is pointless / flawed, and to an extent I am, but I think it is more a confusion of terminologies. Some examples:
1) Alpha Inc. has an in-house data centre that they are using which is fine for base loads but not demand spikes. Their applications are no more sensitive than most companies, so they are cloud bursting into the public cloud using providers with suitable credentials for their requirements (location, access control, security accreditations etc).
This is an example of hybrid cloud, but in the longer term it almost certainly doesn’t make sense for Alpha Inc. to own infrastructure – they should just farm it all out to the public cloud.
2) It is 2013 and Bravo PLC is a CGI film video specialist. They have a surplus of internal resources after to deploying server virtualisation and data de-duplication technologies in their two data centres. They decide to try and put their spare servers to good use. Data centre #1 is now completely un-used, so they install OpenStack on the machines therein and offer the resources out via the (yet to be realized) interoperable cloud market place for use by anyone.
Data centre #2 is still being used to crunch the footage for up-coming new flicks such as ‘Avatar 2: The Na’vi Strike Back’ which are sensitive information. Trusting their fellow CGI companies, and knowing they have a shortage of resource, they offer data centre #2’s resources to the rest of their industry.
Bravo PLC has just become a public cloud provider with data centre #1, and with data centre #2 they have created a community cloud (yet another deployment model). Neither of these cases are a hybrid cloud and nor can one call the two together a hybrid since they are physically and operationally distinct from.
3) Charlie International provides services to charities looking after vulnerable young people. Their database holds sensitive information that only their staff must ever be able to access. They also have a busy external-facing phone app site with spikey traffic loads. They choose to undergo a rationalization of their data centre estate, install virtualisation software to get more out of their existing servers and outsource what they can. They keep their operational data in-house and outsource their phone app’s backend to the public cloud. They save lots of money and are able to sell off half their data centre.
Charlie International are using both public and private cloud, but not hybrid. One might erroneously call it “hybrid” since they are using both private and public, but critically any one application uses either one or the other, not a hybrid of both.
4) Delta Ltd. are an innovative start up offering a hosted Wiki software as a service solution to government through the G-Cloud. They have become a victim of their own success however; while any individual Web page on its own does not have much sensitive data on it, when you add up all the hundreds of thousands of pages of government data on their systems it has a higher security requirement. However, their load is spikey and part of the reason government likes them is they are very cost effective thanks to using public cloud.
To get around this Delta Ltd. migrate their central database onto a private cloud storage infrastructure in the same physical data centre but in a caged off, government-certified secure area (their chosen public cloud provider is part of the G-Cloud). They work with their IaaS provider to expose the database through tightly controlled channels into the provider’s public cloud and use a cluster of public cloud virtual machines (VMs) as the front end of the wiki, elastically scaling with demand. At no time is the entire data set present in the public cloud thus maintaining the necessary security.
This is a genuine hybrid cloud solution in my view. There are few cases however where such an approach would be warranted and it is also technically complex.
5) Echo LLP are a big law firm with a legacy data centre. They hear about what Delta Ltd. did and try to do the same with a new client self-service system, but keeping the mass of client records in their own data centre as part of an on-premise private cloud. They unfortunately failed to assess the bandwidth and latency requirements, and it transpires that having the front end VM cluster 20 miles away from the backend and only accessible over their single, slow corporate data centre Internet connection was a really bad idea. The service fails horribly.
Echo LLP would be using hybrid cloud, but I honestly can’t see such an architecture being viable in the majority of instances.
In closing, I expect the term “hybrid cloud” to eventually vanish. The only circumstances where one actually needs a true hybrid of public and private cloud is the likes of Delta Ltd., but as confidence in the underlying technologies improves the security focus will shift from “is my data on the same tin as some WordPress VM a script kiddie has hacked” to ”is my data being looked after by a company with security measures in place to good enough prevent my competitor trying to bribe their systems administrators to steal it”.
With this change in focus we will see simply a number of different public cloud providers operating with varying security levels and service level agreements. G-Cloud is already going to be doing that with an IL-2 and IL-3 cloud. As that happens, off-premise “private” cloud will effectively cease to exist, becoming just a more secure public cloud offering. That will leave on-premise as the only private cloud deployment model. As articulated in Echo LLP’s case, it is not usually practical to have corporate applications spanning physical locations.