Virtualisation and the delivery of virtual IT services through “the cloud” is the major subject of discussion in IT circles today. It’s actually hard to avoid the discussion because on some levels, the concept of virtualisation is so attractive. The idea of delivering IT services without having to build, manage and maintain IT infrastructure is incredibly appealing, especially to small and medium-sized business enterprises that are looking to manage the ever-present cost of information technology. But how did we even get here?
Virtualised computing is nothing new. The earliest enterprise computers, designed and built in the 1960s, provided a compartmentalised computing experience. By design, these earliest enterprise-level mainframes could generate entirely distinct virtual operating spaces complete with discrete operating systems and virtual machines that completely segregated the processes and operations of one user from those of another. This secure virtualisation architecture was based on “protection rings” that determined which users and operating system processes could do and access what at which security levels.
The move toward decentralised computing originated with the dawn of the personal computer. Small and medium-sized enterprises recognised the value of business computing but had neither the monetary or human resources to introduce centralised computing into their business processes. The comparatively low entry costs of personal and small computers, combined with the growing sophistication of business applications meant that smaller enterprises could take advantage of low-cost technologies.
The inherent limit of decentralised computing, however, is scalability. It turns out that there are limits to the number of servers a business can add without incurring significant costs for data center space, disaster recovery capabilities, maintenance, licensing and support. Business computing is a critical component of most organisations’ business models, but sustaining decentralised computing appears to be both impractical and unwise.
Centralised computing didn’t go away because small businesses adopted a decentralised approach to computing. In fact, quite the opposite occurred. Today’s virtualisation giants quietly improved their products, targeting large enterprises as their primary market share. Today, they’ve increased the processing power and memory capabilities of centralised servers, designed centralised services that appeal to enterprises of all sizes and made products that address the “server sprawl” that SMEs (Small and Medium Enterprise) must contend with daily. By making virtualisation both technologically and financially accessible to the small and medium-sized enterprises, virtualised IT infrastructure providers can help SMEs deliver better IT services at a lower overall cost.
What are the major benefits of cloud computing?
Far and away, the benefit of virtualisation is a significant reduction in the cost of information technology infrastructure for a given computing environment. By divorcing the software server from the hardware server, and similarly separating the desktop client from the desktop computer, businesses can spend less on their IT infrastructure. That means fewer servers on-site, “thin” clients on desktops, virtualised data storage, better license management and even virtual networks.
Businesses spend less because they don’t add new hardware each time they want to add a new server. At the same time, virtualisation means that individual users can have the operating system environments that they need (or prefer) without the individual expense associated with purchasing a complete desktop unit and licensing individual software copies.
Businesses spend less on disaster recovery and business continuity infrastructure. Instead, they rely on a common infrastructure partitioned (and instantly reconfigurable) to meet their exact needs. Adding more storage space doesn’t mean adding more disks, and IT infrastructure resources don’t always need to be dedicated to a particular business function.
All well and good, but does virtualisation work?
What are the major disadvantages of virtualised IT infrastructure?
The impact of a physical hardware failure cannot be underestimated. Hardware can and does fail, and when it fails, it can cripple the servers and processes running on it. If you operate your own virtual IT infrastructure, you may or may not be equipped to respond to the problem immediately. If you contract for virtual IT services through a provider, you need to know what their capacity is to respond to physical failures. Ask for service level guarantees and develop a back-up plan for your most critical business processes and data.
In addition to the impact of physical failure, troubleshooting problems within the cloud can be complicated. With part of your infrastructure outside of your control, you’ll need to rely on the skills and expertise of your virtual IT infrastructure provider.
The freedom to create servers and other virtual machines on an as-needed basis can be tempting because you can create them virtually instantly. Without prudent guidelines on what justifies having a new server, you could end up with a lot of under-utilised (or just plain unnecessary) virtual machines. The justification process for creating a new virtual server should be similar to the process your organisation used to justify the purchase of server hardware, if only because creating virtual machines does absorb resources.
Is privacy possible in cloud computing?
One of the biggest questions about virtual IT infrastructure (which is, by definition, shared) is whether or not the controls in place provide the levels of data security and user privacy that may be required either as a matter of law or a matter of best business practices. Are your data – created and stored on someone else’s resources – safe from outsiders who should not have access to it? Is the virtual IT infrastructure robust enough to prevent users in your own organisation from inadvertently or deliberately accessing restricted data?
In a virtual IT infrastructure, the person or organisation that generates data gives up some measure of control over it. Organisations must rely on the infrastructure provider to support, maintain and reinforce data security at all times.
When an organisation manages and maintains its own data and IT infrastructure, data ownership rights and data stewardship responsibilities are clear. When data are created and maintained in a cloud, these seemingly simple questions may not have straightforward answers.
Can a governmental authority gain access to data through the IT infrastructure provider? How are security breaches handled? Who is ultimately responsible for the resulting harm when sensitive data are stolen or misappropriated from the cloud? What happens to orphaned data? When ownership of data is disputed, how will the virtual IT infrastructure provider respond? Can the provider deny an organisation access to its own data? If yes, under what circumstances? Should certain types of data be excluded from being created or stored in the cloud? What happens to the data if a virtual IT provider goes out of business or gets acquired by another firm?
Laws regarding information, information security, and information privacy are constantly evolving. Often, meaningful regulations aren’t developed until a major incident exposes weaknesses in current laws and practices. Too often, consumers are left to answer these important questions on their own, without any significant legal protection or precedent. In the absence of meaningful regulation, industry guidelines and best practices sometimes suffice. This approach can be powerful among responsible providers and consumers, but it lacks the enforceability of law.
In the absence of specific legal provisions for the handling of sensitive data in the virtualised environment, the best fallback is a contractual agreement or set of agreements among parties that specifies the rights and responsibilities of the virtual IT provider and data creators, and the penalties that can follow in the event of a breach of contract.