
Making SSL decryption and other networking choices in cloud deployments

Cloud networking shakes up network infrastructure management, such as how an enterprise handles SSL decryption.

Businesses eager to offload resources to third-party cloud hosting services often overlook the effect on network infrastructure and management.

Enterprises conserve resources at the local area network (LAN) level when they adopt cloud computing. Most server administration can take place with the administrator and server in two different locations. And most server administration can be conducted on hardware that doesn't belong to the organization doing it. An organization's entire data center network infrastructure could exist in the cloud, freeing up local network resources that otherwise would have supported operational tasks.

Companies offloading much of their existing server infrastructure to Rackspace, Amazon Web Services and their competitors see a cost benefit in this scenario. But amid all of this cost-cutting, they rarely ask what changes are needed locally, with respect to personnel and network infrastructure, or how transparent server workload handling will be once it is offloaded to a third-party cloud infrastructure.

Consider a Secure Sockets Layer (SSL) decryption scenario, one example of network use in a typical business. About 25% to 35% of all inbound network traffic to an organization is SSL-encrypted, according to research conducted by NSS Labs, an information security research and advisory company based in Austin, Texas. Companies deploy SSL decryption to read end-user encrypted traffic. SSL decryption devices mimic the behavior of a legitimate certificate authority.

SSL decryption is not a simple bolt-on device that enterprises set up and forget about. Skilled personnel are required to use and maintain the devices. SSL decryption can create bottlenecks because of its heavy processing demands, so the IT team might need to boost throughput. Furthermore, routing and firewall infrastructure must be configured to account for decryption. The data center might need a special virtual LAN to successfully execute SSL decryption. Companies can't simply add these network-connected devices without widespread consequences and changes throughout the data center. This is true of many networking choices.

Third-party hosting providers often offer SSL decryption and other advanced cloud networking options at an added cost. Gone is the need to hire specialized personnel to implement and maintain the deployment. Depending on what portion of the infrastructure the third-party cloud provider operates and maintains, there is no need for routing and switching experts. The business's server administrators may simply use a workstation to log in to off-site servers over Secure Shell (SSH).

There are clear advantages to cloud computing, such as a streamlined IT department and network footprint. However, before rushing to offload every function to a third-party data center solution, organizations should consider the benefits of on-site networking and security expertise. Working through hypothetical situations that may arise for your enterprise will help determine which option best addresses your needs.

About the author:

Brad Casey is an expert on network security with experience in penetration testing, public key infrastructure, VoIP and network packet analysis. He also covers system administration, Active Directory and Windows Server 2008, with interest in Linux virtualization and Wireshark captures. He spent five years in security assessment testing for the U.S. Air Force.


Join the conversation



Are cloud computing providers responsive to enterprises' networking needs?
As this dependent each EA area, and strategic direction that ways the path for service provider i.e meeting customer demand etc ...