IaaS Cloud Hosting: Why Providers Can’t Ignore Scalability, Security, and Support
Posted on November 15th, 2012
Many articles and blog posts on cloud computing address the trend of IaaS cloud hosting from the perspective of buyers. Questions like “what are the risks and pitfalls buyers should be cautious of?” are addressed and industry reports heavily focus on the education of users. But what about the providers? Customers are not the only risk takers and beneficiaries of cloud computing, and at the end of the day service providers are usually held responsible for malware, cyber attacks, and downtime. This article aims to describe the challenges and second thoughts of becoming a provider of Infrastructure as a Service solutions.
Developing a successful IaaS solutions starts with carefully planning the service, taking into account latest research on trends from a tech perspective, customer demand, common drawbacks, and what the competition has been up to. Often, mid-sized web hosting companies are struggling to establish successful IaaS solutions as part of their product range because it is a time consuming challenge that requires extra staffing. Especially if they’re innovating new features within their solutions. Nevertheless, in the process of creating a cloud hosting service, analyzing the market and building a solution according to the latest industry standards is the foundation for future success.
Having conducted such an analysis with help of industry forums, research articles, and recent surveys, the following three are among the factors that need to be addressed when planning to provide cloud infrastructure:
1. In line with their very nature, cloud services need to be massively scalable. Scalability is the distinguishing factor of cloud hosting and one of the major selling points of a respective service. Developing a cloud solution, the challenge is to make available the exact resources that a customer’s application delivery requires. As one size does not fit all, instant expansion and reduction must be possible at any time. “While many customers first investigate using IaaS to achieve cost savings, most customers buy IaaS to achieve greater business agility, or to gain access to infrastructure capabilities that they do not have within their own data center.”*
2. Another crucial aspect of cloud computing is security, maybe even one of the most discussed issues of the industry. According to a recent white paper, “68 percent of enterprises are not confident in the security of their data placed in the cloud”**. To outline and discuss the various layers of advanced security of IaaS would require a massive white paper on its own. Nevertheless, there are some core issues that industry experts seem to focus on: Information security and access, for instance, are major issues of concern. Especially if a provider plans to accommodate multi-tenancy, they need to think of efficient ways to utilize the same hardware and network infrastructure for multiple customers, while guaranteeing complete separation of their individual networks.
Server security questions should also focus on the access to data applications through a sophisticated user authentication process and strictly regulated access policies. “The capability to block traffic to an application or server in the data center or cloud can no longer be based on the typical source or destination addresses of hosts. Now it must be based on the identity or role of the user, the process, or application in the transaction.”**
Besides information and access security breaches, providers need to account for a cutting-edge firewall as well as an intrusion prevention system that encompasses a sophisticated malware detection, as well as a system that uncovers and prevents unauthorized access attempts. This is not an easy job and security gaps challenge even the most experienced software engineers. Moreover, there are more and more cyber attacks by groups like Anonymous that make the international headlines. Remember the incident when the notorious hacktivist group obtained access to MasterCard and Visa’s mission critical data and took down their sites?
Last but not least, in the category of cloud security, another challenge is to make the highly complex, and sophisticated systems transparent and easy to use for prospective clients. “In many cloud deployment scenarios, customers have no knowledge at all of the underlying security products because they are being managed by an outside source.”** Nevertheless, giving up responsibility by turning to a cloud provider ideally shouldn’t mean to loose control over ones IT assets.
3. The third challenge to overcome when developing an IaaS service is the multifaceted issue of support. As much as providers want to employ a system of automatic provisioning of their virtual machines that includes self-healing algorithms, for instance, servers still need to be manually managed and maintained to account for customization, scalability, and retention of data. This requires human resources ready to troubleshoot 24/7. Furthermore, the aspect of support also ties in with the goal of preventing clients from loosing control over their own IT assets. Thus, a provider seeks an efficient and agile deployment model that maximizes hardware efficiency and minimizes human intervention while being easily scalable. The latter is amongst the biggest challenge because it aims for the possibility to install and configure operating systems on physical servers in as little as just a few minutes, which is hard to be achieved.
All in all, a major reason why it is hard to get on board with IaaS cloud hosting as a traditional web hosting provider, is that developers often struggle in their attempt to reinvent the wheel. Their goal is to develop a new, innovative service or a niche product that will hit the market and become a big success. On the one hand, coming up with a new solution can grant a valuable competitive advantage to a hosting company. On the other hand, it is risky to offer something completely new as there is no opportunity in learning from others’ experiences and mistakes, and it sometimes requires educating the customer.
A final observation to sum up this article is that providers usually keep traditional server hosting and IaaS cloud hosting services separate. According to a Gartner report, the analysts “expect the market to converge fully within five years, but most providers today offer traditional Web hosting and cloud IaaS on two different platforms”.***
*Gartner Magic Quadrant for Public Cloud Infrastructure as a Service Report written by Leong, L. and Chamberlin, T. Retrieved from http://www.gartner.com/technology/reprints.do?id=1-18BON1E&ct=111214&st=sb
**Cisco Data Center Security Mitigates Risk when Transitioning to the Private Cloud written by Cisco. Retrieved from http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns376/white_paper_c11-714844.pdf
***Magic Quadrant for Cloud Infrastructure as a Service and Web Hosting written by Loeng, L. and Chamberlin, T. (2010).