BTL Mark: Resolve interoperability issues & increase buyer confidence
Accept No Substitutes
Why the Real Cloud Matters for your Security Enterprise
President and CEO,
Like every new technology marching its way through the hype cycle, cloud computing has fallen prey to unscrupulous marketers. Their basic crime is to borrow the language, but not the substance, of technological innovation, and mis-apply it to their own products in a cynical bid to fool the public. We’re now seeing this trend spread across the physical security industry, as it belatedly catches the cloud wave that the rest of the IT world has been surfing for about 10 years.
In this article I
will try to explain the business differences between
real cloud technology and the pretenders, and show why that matters to
your wallet, your data, and your risk management profile.
A Model for Cloud Use in Security
Just to establish
a frame of reference for the rest of our discussion,
the following diagram shows an archetypal model of how cloud
applications are used in physical security as a service.
In this model we define three domains of the solution:
The Cloud Defined
First, we should
acknowledge that “Cloud computing” is a broad term
that refers to many different deployment modes and business
strategies. However, they are not all created equal. Some are turnkey,
others roll-your-own. Some are highly secure, with audits to prove it,
while others are easily exploited. Some are publicly accessible to
everyone with a web browser or mobile phone, while others are highly
restricted to just one group of users, such as the government or
military. For cloud-based physical security applications, all of these
characteristics are important for both costs and risk
One of the most
oft-cited reference models to sum up these different
aspects of cloud computing is provided by the U.S. National Institute
of Standards, and captured in the following diagram:
The Cloud and Hosting: Not the Same Thing
One thing no one disagrees about is that “cloud” means “hosted” in the sense that the computing and data storage functions are hosted in a remote data center rather than on the customer premise. This single fact is responsible for both the power and, ironically, much of the confusion about cloud computing. It accounts for the financial power of the cloud model by explaining at least some of its “economies of scale”. It accounts for much of the confusion because being hosted is a necessary, but not sufficient, condition for being a true cloud application.
We see the hosting concept treated as synonymous with cloud computing in the form of vendors placing legacy applications into a data center and christening them as cloud applications—even though nothing about the application itself has changed. This strategy is simply playing “hide the server” and it does not bring any of the economic efficiencies of true cloud applications. Why not? Because one of the core requirements of cloud computing is software multi-tenancy, which is necessary for supporting the essential characteristics of cloud computing:
Software multi-tenancy is defined as “a principle in software architecture where a single instance of the software runs on a server, serving multiple client organizations (tenants).”1 This is important because it is the key to both the economic benefits and cyber security of cloud applications. It is the primary enabler of several of the essential cloud characteristics, including self-service, resource pooling, and rapid elasticity.
It’s also the core of the economic benefits of cloud computing because multi-tenancy allows the service provider to operate a single instance of the software application and spread that cost of running that single instance over the entire user population. For example, a cloud company that had 1,000 customers would use a single logical instance of the application, the database behind it, the storage system, and would be able to load-balance those 1,000 users across all the physical servers supporting the system. This deployment method results in extremely high efficiency for both computing resources and all of the IT support functions they require.
Contrast this with the “remote server” company that does not use
multi-tenancy. They must run individual servers (or at least
virtual machines) for each of their 1,000 customers. This means
individual software licenses for each, individual databases for each,
individual storage for each, individual patch management for each, and
a small army of IT personnel to make it all happen. Not to mention the
technical support headaches that come up when someone has to figure out
which of those 1,000 instances needs attention for a customer
complaint. As you can clearly see, this is a very low efficiency model.
Implications for Cost
The obvious implication of high-efficiency multi-tenant applications is
that they provide a much lower operating cost for the provider and,
therefore, the opportunity to pass on much lower costs for the end
user. Because lower TCO is one of main ROI considerations for companies
considering cloud service providers, this single characteristic is one
of the main benefits of real cloud applications versus “hide the
server” pretenders. Buyers need to understand this aspect of their
cloud service provider’s business because it will determine how much
the solution costs over the long term, and how much the vendor will be
able to devote to new features and service improvements.
Implications for Risk Management and Cyber Security
The multi-tenancy or Software as a Service (SaaS) model also has important implications for risk management and cyber security. As you can imagine, it’s much easier to secure data in a single database instance than it is to secure data in 1,000 (or a million) separate instances. Because cyber security continues to be one of the main concerns surrounding cloud adoption, this characteristic of the “real” cloud solution goes to the core of one of the most important vendor selection criteria in this market.
The cyber security benefits of multi-tenancy apply equally to the rest
of the applications in a service offering because it’s easier to defend
a single logical instance of the application stack than it is to defend
thousands of copies. It is also far more straightforward to perform the
necessary cyber security audits such as SAS 70 or the newer SSAE 16
against a single instance.
Why this matters for Physical Security as a Service
All of these differentiators between real and fake cloud solutions
matter for the success of this model in physical security
First, we all know that our industry is very cost competitive, and the
end users demand a lot of value for their security dollar. That’s why
the economic efficiencies of real cloud computing are important for
both buyers and resellers: over the long term, the better value
solution usually wins.
Second, there is no more important characteristic of a physical
security software application than its cyber security profile.
For these reasons, trust only a true cloud solution—not some server hidden in a closet.
[Click Banner To Learn More]
[Home Page] [The Automator] [About] [Subscribe ] [Contact Us]