This blog is an excerpt from a recent GovLoop industry perspective, Knowledge Transfer: Becoming an Informed Cloud Buyer. To access the full product, head here.
There’s no doubt that cloud consumers are more informed than they were a few years ago. They understand the basics of cloud, what it is, what characteristics to look for and the various as-a-service deployment models. But despite this heightened level of awareness, misconceptions still abound, and it’s time to clear them up.
Roles and Responsibilities
Moving to the cloud doesn’t mean that agencies relinquish complete control and responsibility of their data. Cloud is a team sport, and this is particularly true in the area of security. The reality is every cloud service provider (CSP), regardless of the platform, has a shared responsibility to keep agency data secure. For infrastructure and platform offerings, agencies must address several security controls.
Infrastructure-as-a-Service consumers generally take on greater responsibilities for implementing security controls because they must assume the roles of integrator and operator. That doesn’t mean infrastructure providers are off the hook for implementing security and privacy safeguards. Instead, they are responsible for “providing protections at infrastructure levels that a consumer does not have control of,” according to NIST.
“The best rule of thumb is that the CSP is responsible for everything from the abstraction layer all of the way down through the physical infrastructure,” Blankenhorn said. “The customers are ultimately responsible for managing everything that they put within that cloud — be it code, applications, identities, data and the daily operations of the elements that the customer puts in that CSP.”
Virtualization vs. Cloud Computing
The terms virtualization and cloud computing are commonly used in the same breath, but they aren’t synonymous. Cloud computing is not an outsourced version of the virtualized server environment in your data center, Blankenhorn explained. Cloud requires a completely different architecture and delivers different value. The implementation and management demands are also different from virtualization.
“Virtualization is very good at resource pooling, and it has broad network access at least within the customer’s environment (which isn’t a bad thing),” Blankenhorn said. “However, virtualization often fails to support the on-demand, self-service and measured service (i.e., granular chargeback, based on actual utilization of the resources), and it struggles with the ‘rapid’ component of rapid elasticity, as IT is often the team for provisioning the resources, whereas in a cloud platform the provisioning is fully automated.”
Similar to cloud computing, virtualization technologies can help agencies operate their information systems more efficiently and reduce hardware, energy and maintenance costs, but the end results aren’t exactly the same. Think of cloud as taking virtualization to the next level in terms of self-service and rapid elasticity capabilities, both of which are key characteristics of cloud.