[banner]
November 27, 2018

Making the Case for High Quality Cloud in a Commodity World

Commonality of Commodity Cloud

Moving to the cloud is a tale as old as time—tech time, that is. Cloud computing spending is expected to grow at better than 6x the rate of IT spending through 2020 (IDC). Obviously, businesses are moving IT infrastructure into the cloud increasingly, typically to reap one or more of the following benefits:

  • Efficiency
  • Scalability
  • Storage and backup options
  • Resiliency, thanks to the elimination of hardware
  • Cost effectiveness

In many cases, enterprises are opting for commodity cloud providers: the Amazon, Microsoft, and Googles of the world. Under certain circumstances, these types of clouds are a great option. If flexibility and strong service levels aren’t of particular importance, commodity clouds are worth evaluating.

On the contrary, if you’re looking to take advantage of the cloud and get the most out of what it has to offer, going the perceived cheap route isn’t always advisable. If you’re looking for performance, security options, and support for compliance, consider working with a specialized data center cloud partner. When you have particular requirements for your computing environment but rely on a commodity cloud, it’s probable you’ll end up paying more in the long run, anyway.

How to Do Cloud When Security is a Priority

The security environment of today is a virulent one, and the landscape will only become more risk laden. Malware is on the rise and extending into mobile devices. Identify theft has come to be commonplace. Costs of data breaches are rising. In a perfect world, security would be a priority for all organizations; some, however, deal with more sensitive data and greater compliance demands than others. If this is the case for you, there are a few reasons why leaning on a specialized cloud provider as part of an integrated data center offering may be your better option.

First off, specialized cloud partners are going to put a lot of effort into securing your cloud from the get-go; security is typically going to be inherent in their infrastructure. They’re likely going to offer more than just firewalls, monitoring, and generalized threat protection.

Second, they’ll take the time to get to know your systems and environment inside and out in order to determine the best approach to security. Comprehensive managed services can be rolled into your cloud, whereas with a commoditized budget cloud, these responsibilities are going to fall onto your IT team.

A premium cloud service may be higher in cost initially, but it won’t come close to comparing to the costs of a breach or outage as a result of a security incident. If security is a priority within your organization, then you’re going to want a cloud with defense-in-depth security, period.

Compliance is a concern when it comes to commodity clouds, too. You’re not going to get support for your compliance requirements such as audits and audit responses, nor will they cover a significant percentage of controls. Consider HIPAA or SSAE18 compliance as an example. In an commoditized cloud they are rigid and inflexible towards auditors and auditing requirements. You get what you get. Auditors are not permitted to review or conduct a walk through of the data center. In DataBank’s cloud offerings, we welcome customer auditors and provide audit support to meet customer needs. We are clear on where boundaries exist and let customers know up front what a they are responsible for and what DataBank is responsible for.

Defense-in-Depth Cloud Security at DataBank

Consider the DataBank public cloud, for example: a secure, scalable IaaS computing infrastructure built on top of a highly available, multi-tenant PaaS environment powered by VMware. We institute industry defined controls and practices with a defense-in-depth approach to cloud security.

  • We start at the perimeter, where we set up both internal and external DDoS mitigation to stop even the largest-sized and most complex attacks against customer infrastructure. Our DDoS mitigation technology is automated and detects attacks in real time.
  • From a scalability standpoint, all DataBank network pipes are oversized at the perimeter, which allows for massive bursts of traffic, whether from an attack or a surge in legitimate traffic. Regardless of the amount of bandwidth that gets thrown at a customer environment, DataBank can accept it within our facilities. In addition, we offer IP reputation filtering, which allows us to use external and internal sourced intelligence data to block known bad actors from trying to connect to your infrastructure.
  • The next major piece of security is focused on IDS/IPS, which allows us to watch every single packet coming into and out of our network. We’re able to identify patterns of bad behavior and automatically stop attacks launched at your infrastructure and applications.
  • Load balancing services provide SYN Flood protection with load balancers acting as a proxy. By filtering all requests through our load balancing services, attacks launched via connecting to your servers can be prevented.
  • All traffic is routed through dedicated firewalls, whether physical or virtualized. Our security engineers manage rules, protection, VPNs, uptime and the synchronization of HA.
  • Given that so many data streams are encrypted over HTTPS, we run intrusion detection and prevention inside customer networks where SSL certificates are installed, allowing IDS/IPS to inspect data once it’s inside.
  • DataBank also offers web application firewalls, similar to IDS/IPS, except they search deeper within layer 7 application/web requests to discern what is malicious and benign on a more granular level.
  • Host-based intrusion prevention and antivirus look for executables that appear malicious on servers themselves.
  • As a last line of defense, we offload the logs, maintain and review them for anomalies and other events that may have gotten through the other layers of defense.
  • Very few cloud providers offer this level of security sophistication, and it will certainly not be found within commodity clouds as an inherent services. We strive to make your data stay truly safe and secure.

We’re not discouraging the use of commodity clouds. They have their own functional applications and can be a great fit for certain use cases. It’s not that they’re inherently less secure; it’s that the responsibilities of security will be yours to manage, which can become a risk if you don’t have the necessary internal resources or skillset. If security and compliance is a primary concern within your organization, we encourage you to prioritize protecting your business over budget, and think of working with a cloud partner as an investment rather than an expense. The consequences of cutting corners on security are far more costly than opting for a cloud of higher quality.

If a truly secure cloud is on your wish list, DataBank can walk you through your options. Reach out to us, or call us at 1.800.840.7533 and speak to a cloud specialist.