My advice, however, is to always proceed with caution when assessing the suitability of any new technology for...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
the enterprise, particularly when it comes to security. Personally, I don't feel cloud computing is mature enough yet for enterprises to risk using it for anything more than development and familiarization, and certainly not critical, sensitive internal applications.
Platform as a Service (PaaS) vendors tend to dictate the database, storage and application framework used, so what about those legacy applications? Enterprises will still require the skills and infrastructure to be able to run them. I think it's this need for specialized training combined with security concerns that will see many enterprises start off with internal clouds, built within the security of their own network.
Though not offering the economies of scale of public clouds, internal clouds keep the enterprise in control of security, service levels and regulatory compliance, and can handle old and new applications. They also avoid the cost and disruption of completely restructuring an existing infrastructure. Once enterprises are comfortable with working with an internal cloud, they are quite likely to move to a hybrid whereby both public and internal clouds are used. For mission-critical applications, this will probably take the form of a private cloud where the enterprise has direct control of both clouds under a unified management system.
But this scenario is some ways off. Even the large PaaS vendors such as Google, Microsoft and Salesforce.com have short track records with their products. They need to be treated as you would any version-one product, with particular attention paid to their service-level agreements. For example, Windows Azure platform, Microsoft's cloud computing platform, suffered an outage one weekend in March. Had your enterprise been using the service, how would the outage have affected the organization's ability to conduct business? Alternatively, it would have been Microsoft's responsibility to fix it, not your IT team's (but be careful; your executive team may not see the distinction).
If you're looking for guidance on what uptime you should expect in a service-level agreement, the Cloud Computing Bill of Rights provides a useful checklist of protection with which to benchmark a supplier's offering. This is a wish list, but I think the upcoming National Institute of Standards and Technology (NIST) Cloud Computing Security publication will do a lot to standardize federal-compliant cloud infrastructures.
Once enterprises understand how to meet compliance demands and can control risks within a cloud environment, then cloud-based platforms could well become the obvious choice for enterprises as well as startups. This is why cloud service providers are scrambling to develop enterprise-class controls to give better control and management of resources and data in cloud environments.
Dig Deeper on Cloud Computing Platform as a Service (PaaS) Security
Related Q&A from Michael Cobb
Open source NoSQL MongoDB database faced 30,000 insecure instances. Expert Michael Cobb explains the misconfiguration that led to this, and how to ...continue reading
A new Veracode report offers details on common mobile application security risks. Expert Michael Cobb explains these flaws, and what developers can ...continue reading
Juniper firewall products were found to have two backdoor vulnerabilities. Expert Michael Cobb explains how a cryptographic algorithm and hardcoded ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.