9. Add Encryption.
You may want to employ your own encryption instead of, or in addition to, the ones provided by the CSP. While the CSP will encrypt information that is sent over the public Internet and stored in the public cloud, the CSP will be providing the encryption key. This may make your organization uncomfortable, as the key could fall into the wrong hands.
A number of installable products or SaaS vendors can do this type of encryption on the fly. (VPN-enabled cloud instances fall under this category of augmented public cloud security.) When this happens, only the customer and the third party know the key; the CSP does not.
10. Spread Risk with Multiple, Redundant CSPs.
It is common practice to procure high-bandwidth Internet connections for your data center from multiple vendors, precisely because you want to spread the risk of outages among many providers. If one is down, the other has a good chance of being available. Cloud provisioning tools these days come already integrated with leading CSPs.
You can spin up additional instances of servers with multiple CSPs automatically on demand, as sites such as Pinterest (afternoons and early evenings) and Netflix (weekends) do during peak usage. Here, additional instances are turned on if average CPU utilization reaches a certain threshold and turned off once utilization drops.
When spinning up additional instances, it may make sense to use different CSPs in a round-robin fashion. For example, the first may come from AWS, the second from RackSpace, the third from OpSource and so on. That way, events such as the June 29 Amazon Web Services outage will not adversely affect your applications.
Balancing Public Cloud Security and Performance
While security is the leading concern for many organizations using the public cloud for Infrastructure as a Service, there are a number of ways to address this concern effectively. The simplest is to move to the public cloud only those applications and data that are the least sensitive.
If your organization opts to move mission-critical applications to the cloud, you can also add security measures over and above what the CSP provides you. There is always a tradeoff when adding layers of public cloud security, though, since doing so may add points of failure or cause applications to run more slowly. Finding the right balance between security and performance can be difficult, but achieving it will give your organization peace of mind.
Sign up for CIO Asia eNewsletters.