4.3.3 Security, Resiliency, and Service Management – The Superstructure

Like the superstructure which ensures the integrity of a bridge’s design, the elements of cloud computing environment – security, resiliency and service management – ensure the integrity of its design. Without these “superstructure” elements the value proposition associated with cloud computing will collapse and the economic benefits promised by cloud computing will be just illusions.

For some workloads, compliance with industry regulations like HIPAA (Health Insurance Portability and Accountability Act) and SOX (Sarbanes Oxley) require businesses to keep complete control over the security of their data. While there is much innovation happening for security within public clouds, the maturity level of these technologies may not yet be at a level where security and regulatory compli- ance can be guaranteed. However, even in these cases, an enterprise can still off-load non sensitive/critical workloads onto a public cloud while using a private cloud to

4 The Role of Networks in Cloud Computing 77 The network plays a key role in the establishment of these regulatory compliant

clouds. Private WAN services must be enabled to provide the security needed for the private portion of the cloud. If a hybrid cloud environment is being used then the network must also be able to provide the federated connectivity and isolation needed and support the proper level of encryption for VPN tunnels which will be used by the public clouds to access data which remains behind a corporate firewall. Although there are other cloud deployment options available for workloads which do not have the need for the same level of compliance, networking connectivity and security functions are still central for a successful deployment of these cloud services.

Service management and automation also plays a critical role in hybrid clouds. As cloud services continue to advance, it is more likely that in the future network- ing services for cloud applications will be offered through an application-oriented abstraction layer APIs, rather than in specific networking technologies. Within this network architecture paradigm, modification and provisioning of network resources can be made in a more automated and optimized manner via service management or network self-adjustment. Specifically, these modifications can be made via operator- initiated provisioning through service management systems to assert direct control on network services, or via “smart” networking technologies which can also adapt services in an autonomic or self-adjusting fashion. Furthermore, it is critical that the network service management and the smart networking technologies are tightly integrated with the overall management for the cloud service delivery so that the changes required by the upper layers of the cloud “stack” in network resources can

be carried through by the network service management or self-adaptations in an automated fashion. Many of these “smart” networking technologies are focused on maximizing the resiliency of cloud deployments in terms of the availability, performance and work- load mobility. For example, application delivery networking services optimize the flow of information and provide application acceleration by the classification and prioritization of application, content and user access; virtual switching technol- ogy provides an “abstraction” of the switching fabric and allows virtual machine mobility.

As these “smart” networking technologies mature, their capabilities will extend beyond the current capabilities for a single cloud to the “intra-cloud” as well as to the “intercloud.” With this maturation, the hybrid cloud will provide unprecedented lev- els of global interconnectedness for real time or near real time information access, application-to-application integration and collaboration.