"Clouds": what is the advantage over the corporate server
Despite the large spread of cloud services, which are rarely surprised anyone, many still wonder: "How is this better than the server in my office?"
The US National Institute of Standards and Technology describes cloud computing as follows: this is a model of network access to a common set of custom computing resources (for example, network channels, processors, memory, storage devices, applications and services) that can be quickly allocated upon user request. minimal effort from the cloud provider. At the same time, the main feature of cloud computing and their difference from corporate IT-systems is that the user, requesting and receiving information or other cloud services from his PC, absolutely does not know where they are physically located and how they are performed.
Thus, the “cloud” is not a set of technologies, but a specific model for the provision and use of information technology resources and services, their management, with the following characteristics:
Thus, cloud computing leads to a radical change in the way technological resources are used. At the same time, the consumption of “cloud” resources and services is easy to measure, it is easily dosed, and payment is charged to users of “cloud” services for their actual use. All this makes it possible to track the actual consumption of cloud services, and therefore better understand the need for their costs.
Compared to the corporate server, the advantage of the “cloud” is that any user receives “cloud” services upon request, while at the same time they can regulate their volumes independently. All the resources of the "cloud" in the presence of the Internet, are available from anywhere on the planet at any time of the day.
In each company, employees want to receive from the IT infrastructure easily understandable business services for them (e-mail, accounting, anti-virus protection, etc.). It is for the functioning of all such services and services that the basic technological resources are used - servers and processors, RAM and data storage systems, communication channels.
IT companies have long tried to create and provide ready-made offers of such business systems (for example, a server with customized corporate mail), including on lease terms. However, the popularity of the "cloud" in the provision of rental business services has significantly surpassed local systems. MS Exchange corporate mail, various analytics software, CRM systems, etc., are easier to use in the cloud, easily scaling the number of their users and the amount of technical resources.
According to the research of many analytical companies, including Russian, virtual servers today are already significantly more physical. This popularity has an economic explanation: virtualization tools can reduce the fleet of physical servers by about 20%. At the same time, corporate expenses for the purchase of equipment and rental of premises for it, electricity, air conditioning and cooling (emit a lot of heat when the server is running) are reduced by up to 25% in total. About 70% of the implemented server virtualization projects in the world are called successful, and many companies have plans for the further development of their IT infrastructure in the "cloud" direction.
Many skeptics point out, as it seems to them, significant disadvantages of cloud technologies, but most of them have no real ground. For example, according to a survey conducted by the portal TAdviser.ru in 2017, one of the main obstacles to the transition to the “cloud” is many people call the risks of losing access to their data, leakage or loss of important information. By the way, corporate systems are much more exposed to these risks than cloud ones.
Let's take a closer look at how the above risks are prevented in the “cloud”. Any cloud infrastructure has several levels of protection, each of which protects information from a different type of attempt.
Physical data protection in the "cloud"
Getting into the office of a small company and removing the server from it (or destroying it) is easy, whereas with large data centers the situation is quite different. A modern data center is always a closed territory with a multi-level security system, video surveillance and access control, and it is impossible to penetrate into its territory unnoticed.
For example, cloud provider Cloud4Ystores information of its users in data centers with several perimeters of physical security and video surveillance, with careful separation of access to the territory and to the data center premises, even for company employees. Not only is it difficult to get into them, but it is even more difficult to take out anything from there - the server racks in it are much larger in size and weight than the office racks and are really very heavy for a person. The likelihood that someone else will go to the data center and steal or destroy the data drive with your data, or copy it - is close to zero.
Large cloud providers never keep all of their clients' information on the same physical server. For example, Cloud4Y has created a cloud infrastructure with several data centers, in which user data is programmatically distributed across different servers and storage systems with mandatory backups. Moreover, in the Cloud4Y cloud, by default, full duplication of data is performed in two data centers that are physically separated over long distances. Thus, the risk of complete loss of information in the event of a fire or natural disaster, its accidental deletion by the user or even a malicious hacker is almost nil. Even if this could happen, information can be easily restored from a backup.
Protection against hacking / account theft
Breaking of the cloud infrastructure from the outside through network connections is unlikely. It is much more complicated, more expensive and longer than hacking a corporate server. A cloud provider that respects itself and its customers, to protect against hacker attacks, uses more powerful, expensive software that many companies often cannot afford.
However, the likelihood of data theft remains in a situation where the user himself “spotted” his login / password. But this is the client's task - to ensure that its employees comply with the rules of information security. In order to avoid such situations, Cloud4Y always recommends using two-factor authentication for all clients to access cloud services.
The cloud provider provides the most reliable and secure means of access to its services. But sometimes users use other means at their own discretion. Here it is important to know the following - poorly protected third-party software interfaces or APIs for managing and interacting with cloud services put data on companies at risk of leakage or even hacking access to them. If you use third-party interfaces, they must be designed as secure as possible and must include authentication, access control, and encryption to ensure the necessary protection for your data.
Of course, there is also the human factor. There are cases of bribing or blackmailing representatives of a company who have access to the corporate system, that to the cloud, - here the data protection issues should fall on the security services of the company itself. At the same time, it is useless to try to get a login / password or encryption keys from employees of the cloud provider. They do not know them, and in principle can not find out - anywhere in the cloud structure, such data are not stored explicitly.
Traffic encryption
Another level of cloud protection is data protection. Reliable cloud providers will definitely use network traffic encryption using the https protocol using an SSL certificate. In addition, Cloud4Y, for example, also uses Russian certified cryptography solutions to encrypt network traffic at the request of a client. Thus, the data is safe from attempts by traffic analyzers to intercept them.
DDoS protection
Frequent hacker attack on corporate servers, systems and cloud structures - DoS-attack (Denial of Service - "denial of service"). Numerous simultaneous requests to the computing system make it use a huge amount of system resources and eventually cause its overload (DoS), preventing customers from using the system or service.
Most commonly used are distributed or DDoS attacks (from a variety of Internet points), but there are other types of attacks that can block the system. For example, asymmetric application-level DoS attacks that exploit vulnerabilities in Web servers, databases, or other resources in order to “flood” an application with a very small payload.
The corporate structure is virtually unable to resist a powerful DDoS attack. The service of protection against this type of attack is provided by many cloud providers. Having redundant communication channels with a bandwidth of tens and hundreds of Gb / s with geographically distributed Internet access, an excessive number of hardware routers / firewalls, the cloud provider takes all traffic on itself, filters it on specialized analyzers and delivers only legitimate traffic to the customer service.
One of the frequent reasons for not using cloud services is to reject them. For example, IT personnel sometimes perceive the transition to the “cloud” as a threat to their own authority and a potential loss of their workplace. But after all, a sysadmin, instead of the traditional administration of servers, can take up the development and launch of new services for his company in the “cloud”.
The management of companies also often does not understand the benefits of the “cloud”, focusing on their own feelings and not making financial calculations. At the same time, some companies consider the cost of migrating their data to the “cloud” to be quite high. However, all cloud services are provided on a rental basis with monthly payment, which significantly reduces the overall cost of their use. After all, maintenance and modernization of the IT infrastructure are also fully borne by the cloud provider, freeing the company from these concerns.
It is especially important for company executives to be aware of the fact that all the costs for renting a “cloud” are moving from the category of capital expenses to operating expenses, monthly! As a result, the income tax is reduced, financial planning becomes easier, there will be no force majeure withdrawal of assets for the purchase of non-core equipment, and there is no need to spend money on owning a computer fleet, a room for the server and its equipment.
Another obstacle to the use of cloud services is that some companies consider the poor quality of the Internet connection between their office and the nodes of local Internet providers. But in general, a company that respects itself and its business can take care of high-quality Internet in its office, because today it is one of the most important business channels. In the case of individual requirements for quality, reliability, bandwidth and security of data transmission channels, a large cloud provider can provide (build) a dedicated channel from the client to the cloud storage.
Perhaps today there is only one type of factors that can actually prevent the use of the “cloud” - a direct ban or restrictions by regulatory authorities on access via the Internet to critical data of financial organizations, state security structures, etc.
Until now, companies viewed the Internet as a means communication, access to information and interaction with customers. But the Internet is not only a technological tool. It is an open to all architecture that uses the principles of modularity and integration to provide previously inaccessible levels of scalability and flexibility, speed of results and cost-effectiveness.
Do you still want to “patch cracks” in a traditional, fragmented and inefficient IT system that does not provide the business with a sufficient level of services? Or, take advantage of the “cloud” that can provide business benefits through the introduction of innovative technologies, the removal of technological barriers and the flexibility of all your services?
The US National Institute of Standards and Technology describes cloud computing as follows: this is a model of network access to a common set of custom computing resources (for example, network channels, processors, memory, storage devices, applications and services) that can be quickly allocated upon user request. minimal effort from the cloud provider. At the same time, the main feature of cloud computing and their difference from corporate IT-systems is that the user, requesting and receiving information or other cloud services from his PC, absolutely does not know where they are physically located and how they are performed.
Thus, the “cloud” is not a set of technologies, but a specific model for the provision and use of information technology resources and services, their management, with the following characteristics:
First of all, the “cloud” is changing the methods of managing technological and information resources, the ways of providing them to the business. This provides a number of advantages over classical scenarios for the use of office servers.
- Association in a common structure. All cloud resources are organized and managed as a single pool. For example, many physical servers and data storage systems (DSS) are combined into one large system with aggregate computing power and aggregate storage volume.
- Virtualization Resources are packaged in some kind of "electronic" containers, each of which also contains the rules for access to it, use and management.
- Network access. All resources are available online as web services using standard interfaces that allow you to combine them.
- Efficiency. Cloud resources are independent of computing systems and their geographical location, which does not need to be considered when working with them. This provides significant savings due to the easy scaling of resources according to needs and the simultaneous fuller loading of resources.
- Security. Resources are not only secured with perimeter firewall and encryption. Protection is also provided at the local level by implementing certain rules in virtual containers, which is especially important for the most significant information.
- Flexibility. On the one hand, all resources, software and hardware can be reconfigured into new information systems and business services almost instantly. On the other hand, the amount of technological resources can be easily scaled at peak times, and then return to the previous level.
- Reliability. A sufficient level of redundancy is implemented in the “cloud”, while the necessary resources are allocated for creating backup and restoring on demand. The task of creating backup configurations in your office is eliminated.
- Automation. Cloud resource management software automatically performs its functions, dynamically directing the requested amount of resources to the user for their use. This leads to a decrease in the number of daily IT corporate actions and more accurate resource requests.
- Ease of access. There are far more applications, information, resources and business services available to employees, organizations and processes than the iron server under the sysadmin’s desk can provide. As a rule, access is through a regular browser.
- Optimization. The cloud is managed as a single system, so any user gets the opportunity to significantly optimize the resources used due to the best combination of their capabilities, performance and cost.
Thus, cloud computing leads to a radical change in the way technological resources are used. At the same time, the consumption of “cloud” resources and services is easy to measure, it is easily dosed, and payment is charged to users of “cloud” services for their actual use. All this makes it possible to track the actual consumption of cloud services, and therefore better understand the need for their costs.
Compared to the corporate server, the advantage of the “cloud” is that any user receives “cloud” services upon request, while at the same time they can regulate their volumes independently. All the resources of the "cloud" in the presence of the Internet, are available from anywhere on the planet at any time of the day.
Business services in the cloud
In each company, employees want to receive from the IT infrastructure easily understandable business services for them (e-mail, accounting, anti-virus protection, etc.). It is for the functioning of all such services and services that the basic technological resources are used - servers and processors, RAM and data storage systems, communication channels.
IT companies have long tried to create and provide ready-made offers of such business systems (for example, a server with customized corporate mail), including on lease terms. However, the popularity of the "cloud" in the provision of rental business services has significantly surpassed local systems. MS Exchange corporate mail, various analytics software, CRM systems, etc., are easier to use in the cloud, easily scaling the number of their users and the amount of technical resources.
According to the research of many analytical companies, including Russian, virtual servers today are already significantly more physical. This popularity has an economic explanation: virtualization tools can reduce the fleet of physical servers by about 20%. At the same time, corporate expenses for the purchase of equipment and rental of premises for it, electricity, air conditioning and cooling (emit a lot of heat when the server is running) are reduced by up to 25% in total. About 70% of the implemented server virtualization projects in the world are called successful, and many companies have plans for the further development of their IT infrastructure in the "cloud" direction.
Data security in the "cloud"
Many skeptics point out, as it seems to them, significant disadvantages of cloud technologies, but most of them have no real ground. For example, according to a survey conducted by the portal TAdviser.ru in 2017, one of the main obstacles to the transition to the “cloud” is many people call the risks of losing access to their data, leakage or loss of important information. By the way, corporate systems are much more exposed to these risks than cloud ones.
Let's take a closer look at how the above risks are prevented in the “cloud”. Any cloud infrastructure has several levels of protection, each of which protects information from a different type of attempt.
Physical data protection in the "cloud"
Getting into the office of a small company and removing the server from it (or destroying it) is easy, whereas with large data centers the situation is quite different. A modern data center is always a closed territory with a multi-level security system, video surveillance and access control, and it is impossible to penetrate into its territory unnoticed.
For example, cloud provider Cloud4Ystores information of its users in data centers with several perimeters of physical security and video surveillance, with careful separation of access to the territory and to the data center premises, even for company employees. Not only is it difficult to get into them, but it is even more difficult to take out anything from there - the server racks in it are much larger in size and weight than the office racks and are really very heavy for a person. The likelihood that someone else will go to the data center and steal or destroy the data drive with your data, or copy it - is close to zero.
Large cloud providers never keep all of their clients' information on the same physical server. For example, Cloud4Y has created a cloud infrastructure with several data centers, in which user data is programmatically distributed across different servers and storage systems with mandatory backups. Moreover, in the Cloud4Y cloud, by default, full duplication of data is performed in two data centers that are physically separated over long distances. Thus, the risk of complete loss of information in the event of a fire or natural disaster, its accidental deletion by the user or even a malicious hacker is almost nil. Even if this could happen, information can be easily restored from a backup.
Protection against hacking / account theft
Breaking of the cloud infrastructure from the outside through network connections is unlikely. It is much more complicated, more expensive and longer than hacking a corporate server. A cloud provider that respects itself and its customers, to protect against hacker attacks, uses more powerful, expensive software that many companies often cannot afford.
However, the likelihood of data theft remains in a situation where the user himself “spotted” his login / password. But this is the client's task - to ensure that its employees comply with the rules of information security. In order to avoid such situations, Cloud4Y always recommends using two-factor authentication for all clients to access cloud services.
The cloud provider provides the most reliable and secure means of access to its services. But sometimes users use other means at their own discretion. Here it is important to know the following - poorly protected third-party software interfaces or APIs for managing and interacting with cloud services put data on companies at risk of leakage or even hacking access to them. If you use third-party interfaces, they must be designed as secure as possible and must include authentication, access control, and encryption to ensure the necessary protection for your data.
Of course, there is also the human factor. There are cases of bribing or blackmailing representatives of a company who have access to the corporate system, that to the cloud, - here the data protection issues should fall on the security services of the company itself. At the same time, it is useless to try to get a login / password or encryption keys from employees of the cloud provider. They do not know them, and in principle can not find out - anywhere in the cloud structure, such data are not stored explicitly.
Traffic encryption
Another level of cloud protection is data protection. Reliable cloud providers will definitely use network traffic encryption using the https protocol using an SSL certificate. In addition, Cloud4Y, for example, also uses Russian certified cryptography solutions to encrypt network traffic at the request of a client. Thus, the data is safe from attempts by traffic analyzers to intercept them.
DDoS protection
Frequent hacker attack on corporate servers, systems and cloud structures - DoS-attack (Denial of Service - "denial of service"). Numerous simultaneous requests to the computing system make it use a huge amount of system resources and eventually cause its overload (DoS), preventing customers from using the system or service.
Most commonly used are distributed or DDoS attacks (from a variety of Internet points), but there are other types of attacks that can block the system. For example, asymmetric application-level DoS attacks that exploit vulnerabilities in Web servers, databases, or other resources in order to “flood” an application with a very small payload.
The corporate structure is virtually unable to resist a powerful DDoS attack. The service of protection against this type of attack is provided by many cloud providers. Having redundant communication channels with a bandwidth of tens and hundreds of Gb / s with geographically distributed Internet access, an excessive number of hardware routers / firewalls, the cloud provider takes all traffic on itself, filters it on specialized analyzers and delivers only legitimate traffic to the customer service.
Other obstacles to migration to the "cloud"
One of the frequent reasons for not using cloud services is to reject them. For example, IT personnel sometimes perceive the transition to the “cloud” as a threat to their own authority and a potential loss of their workplace. But after all, a sysadmin, instead of the traditional administration of servers, can take up the development and launch of new services for his company in the “cloud”.
The management of companies also often does not understand the benefits of the “cloud”, focusing on their own feelings and not making financial calculations. At the same time, some companies consider the cost of migrating their data to the “cloud” to be quite high. However, all cloud services are provided on a rental basis with monthly payment, which significantly reduces the overall cost of their use. After all, maintenance and modernization of the IT infrastructure are also fully borne by the cloud provider, freeing the company from these concerns.
It is especially important for company executives to be aware of the fact that all the costs for renting a “cloud” are moving from the category of capital expenses to operating expenses, monthly! As a result, the income tax is reduced, financial planning becomes easier, there will be no force majeure withdrawal of assets for the purchase of non-core equipment, and there is no need to spend money on owning a computer fleet, a room for the server and its equipment.
Another obstacle to the use of cloud services is that some companies consider the poor quality of the Internet connection between their office and the nodes of local Internet providers. But in general, a company that respects itself and its business can take care of high-quality Internet in its office, because today it is one of the most important business channels. In the case of individual requirements for quality, reliability, bandwidth and security of data transmission channels, a large cloud provider can provide (build) a dedicated channel from the client to the cloud storage.
Perhaps today there is only one type of factors that can actually prevent the use of the “cloud” - a direct ban or restrictions by regulatory authorities on access via the Internet to critical data of financial organizations, state security structures, etc.
Until now, companies viewed the Internet as a means communication, access to information and interaction with customers. But the Internet is not only a technological tool. It is an open to all architecture that uses the principles of modularity and integration to provide previously inaccessible levels of scalability and flexibility, speed of results and cost-effectiveness.
Do you still want to “patch cracks” in a traditional, fragmented and inefficient IT system that does not provide the business with a sufficient level of services? Or, take advantage of the “cloud” that can provide business benefits through the introduction of innovative technologies, the removal of technological barriers and the flexibility of all your services?