Allan Leinwand

Transparency in the Cloud and the Lack Thereof

Cloud Transparency

The enterprise cloud is changing the way we do things from our day jobs, to social media, entertainment, and everyday interactions. While many of today’s enterprises are leading the way to complete digital transformation, one concern they often have is the lack of transparency of cloud computing.

It’s a fact that many cloud service providers do not offer customers visibility into their operating environments. Customers have no idea where their data resides physically or virtually, and are not given access to information about specific services or when those services will be upgraded. While this is generally accepted in the consumer world, the enterprise cannot tolerate this lack of visibility, access, and lack of control of their own data or the services that run the business.

The absence of transparency has led some enterprises to consider building private clouds in their own data centers. While this gives them the control and visibility they want, it also comes with a big price tag, not to mention security and operational issues. In the end, it’s not worth the time and resources, and it doesn’t allow the enterprise to take full advantage of the positive features of public cloud services.

On the flip side, public clouds provide many benefits for the enterprise including the ability to quickly launch services that change the way work gets done.

Some of these services include: 1) virtual machines for developers and quality engineers, 2) storage for backups, 3) desktop productivity applications such as email and calendaring and 4) IT, security, legal and customer service workflow applications. Of course, every enterprise wants all these services but unfortunately, the transparency and control that enterprises want is not there today in most public clouds.

In order to make the enterprise cloud the platform that drives all enterprise workflow, a compromise has to be made. Cloud service providers need to give their customers greater visibility and the control they are used to having in their own data centers. Customers should expect the following from their cloud service provider:

  • Choose where your data goes – One primary factor in achieving true visibility and control of data in a cloud service is that customers should be able to request and know where their service and data physically resides (i.e. datacenter locations). This knowledge will help customers overcome some of the fear and lack of confidence that can at times occur with the seemingly ominous idea of data floating around somewhere in “the cloud.”
  • Real availability – An additional element of customers achieving increased visibility of their data in the cloud is the level at which data availability and metrics are available. Instead of customers all being grouped together in large sets of data without the ability to distinguish one from another, availability should be achieved at the customer instance level. With availability at this granular level, customers can be presented with customized metrics specific to each of their instances, instead of a more generic set of metrics applying to a group of customers. This is real availability, and combined with knowledge of the physical location of data and services, customers can achieve true visibility into their data and have a significantly higher level of confidence and trust in the cloud service provider.
  • Deal with the issues – If there is an availability issue then customers should have access to the root cause incident with all the details. If the incident results in a problem that needs to be fixed in the service provider’s software or a change that needs to happen on the infrastructure, then this should remain transparent to the customer. Customers entrust their data to the cloud service provider, and in return they should expect an honest and realistic view into the service provider’s management of that data. When problems arise, they should not be invisible to the customer, the customer should be given information about the issues and insight into how the issues are being resolved.

CloudTweaks Comic

  • Granular transparency – In addition to remaining transparent when issues arise, service providers should also provide customers with a high level of transparency every day, with all transactions impacting a customer instance. Customers are used to running their own services, with the ability to monitor and see their data on a daily basis. As such, service providers should provide customers with the ability to view and download every transaction that is performed on their instance, and remove one of the main hurdles customers face in handing over data to a service provider on the cloud.
  • Full control – Whether it is for compliance, testing or user acceptance purposes, enterprises want complete control of their instances including when their service will be upgraded or when new features will be enabled. Customers should be able to have input on the date and time of upgrades as well as all aspects of the management of their instances. This moves beyond the visibility and availability of services and data and ensures that when services are being changed or updated, the customer has more than just transparency, they have control.

While it’s not a perfect system, cloud service providers are catching on that they need to build and operate a service similarly to how an enterprise runs their services, giving them full access to their data. This transparency will help enterprises have greater confidence in the cloud and will strengthen the relationship between provider and customer.

By Allan Leinwand

Allan Leinwand

Allan Leinwand is chief technology officer at ServiceNow, the enterprise cloud company. In this role, he is responsible for overseeing all technical aspects and guiding the long-term technology strategy for the company.

Before joining ServiceNow, Leinwand was chief technology officer – Infrastructure at Zynga, Inc. where he was responsible for all aspects of technology infrastructure used in the delivery of Zynga’s social games including data centers, networking, compute, storage, content distribution and cloud computing.

Previously, Leinwand was a venture partner for Panorama Capital, LLC where he focused on technology investments in data networking, open source software and cloud computing. Prior to this role, he served as an operating partner at JPMorgan Partners.

In 2005, Leinwand founded Vyatta (acquired by Brocade), the open-source networking company.

Leinwand currently serves as an adjunct professor at the University of California, Berkeley where he teaches on the subjects of computer networks, network management and network design. He holds a bachelor of science degree in computer science from the University of Colorado at Boulder.

View Website

CONTRIBUTORS

The Fully Aware, Hybrid-Cloud Approach

The Fully Aware, Hybrid-Cloud Approach

Hybrid-Cloud Approach For over 20 years, organizations have been attempting to secure their networks and protect their data. However, have ...
Secure Business Agility

Why Information Security Need to be Empowered to Manage Data Breaches

Manage Data Breaches 2017 saw over 2 dozen major security breaches in 2017.  While the public may have grown numb to ...
Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Federal Government Cloud Adoption No one has ever accused the U.S. government of being technologically savvy. Aging software, systems and processes, ...
3 Ways to Protect Users From Ransomware With the Cloud

3 Ways to Protect Users From Ransomware With the Cloud

Protect Users From Ransomware The threat of ransomware came into sharp focus over the course of 2016. Cybersecurity trackers have ...
Combatting Malware in the Cloud Requires a New Way of Thinking

Combatting Malware in the Cloud Requires a New Way of Thinking

Malware in the Cloud It’s no secret that cloud adoption has exploded in the enterprise over last few years. However, ...
The Cloudification of Healthcare: Benefits and Risks

The Cloudification of Healthcare: Benefits and Risks

Cloud Healthcare: Benefits and Risks Many organizations are moving most of their business-critical applications and workloads to the cloud. The ...
Bryan Doerr

Cyber-Threats and the Need for Secure Industrial Control Systems

Secure Industrial Control Systems (ICS) Industrial Control Systems (ICS) tend to be “out of sight, out of mind.” These systems ...
Chris

The Cloud Isn’t a Security Issue; It’s a Security Opportunity

Security Issue In order to stay ahead in today’s competitive business landscape, companies need to constantly innovate. Development teams must ...
Part 2 - Identity Assurance by Our Own Volition and Memory

Part 2 – Identity Assurance by Our Own Volition and Memory

Identity Assurance by Our Own Volition and Memory We believe that the reliable identity assurance (See part 1) must be ...
Chris

Why An Inside-Out Approach to Cloud Security Is Your Safest Bet

Cloud Security In September, McKinsey released what might be looked back upon as a seminal survey. It opened the report ...