While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Cloud computing resources are like taxis: Once the meter is running, someone's getting billed, no matter the destination. Tools have arrived on the scene to help IT administrators manage billing and automate cloud resources.
Resource automation techniques paired with cloud automation software enable organizations to let cloud resource users help themselves. IT can apply cloud resources to a self-service portal where users, developers and analysts can rapidly find what they need, use it, and move on.
These self-service portals often have the capacity, depending on the process and automation software used, to not only document who's using what, but also establish patterns and quality feedback loops that help improve cloud resource efficiencies, while tracking costs and resources used.
To achieve successful cloud automation, try these tips:
Whatever tools you use with cloud automation, arm them with stripped-to-the-minimum payloads. The payloads are virtual machines — operating systems, applications and data, all wrapped together to do work as virtual appliances. The bandwidth to set up payloads is a tax, and the storage of processed data is an additional cost.
Second, if you reduce the size of the operating system and application to the minimum requirements, you also cut off ancillary processes that can cause your virtual session to die, and you cut down the attack surface of the object from a security perspective. The least-size instance that will do the job is the best size.
Automated tools have the ability to set instances into the public cloud, as well as private clouds. The difference is important. In the United States and other regions, organizational data in some cases cannot legally be moved to a public cloud.
If cloud automation tools allow cloud resource users to run apps in either place, clear boundaries must be established about what kind of data can be sent to the public cloud so as not to violate industry regulations, privacy laws or organizational security policies.
Cloud resources often become more popular to use when they're provisioned in the form of virtual appliances, which bundle patched operating systems and applications into a rapidly deployable model.
Appliances can be grouped into self-service portals to make the selection process easier. Library listings by type make appliance virtual machine bundles easy to identify and track, and allow applications (especially data mining and other job control-like applications) to be aggregated as resources.
Even the smartest cloud automation software doesn’t have the ability to build and deploy fully vetted instances of work. Whether you use libraries of virtual appliances or just slabs of basic Linux, those instances have to be safe, and that means maintaining the patch/fix/security levels outside of the auspices of the automation software that controls them.
Versioning systems are still primitive, and it’s possible to service requests with garbage if you haven’t maintained your libraries. In turn, cloud apps must be able to store data; and while there are a few cloud facilities that understand how to use filing systems, many still use the large-object format that’s familiar to users of Amazon, Rackspace and other public clouds. Security and audit policy may prohibit data storage in formats that aren’t readily discernible by forensic applications, and auditors know how to sound loud alarms.
Many planning steps are required to get to the point of initial provisioning of cloud resources for users and developers. Thinking the processes through — from the first virtualization platform choice through the steps and lifecycle of the jobs that will run through your cloud — gives you the best chance of seeing a return on your cloud automation software investment. And with luck, it knows how to calculate the all-important invoice.