SLAs Can Mitigate Most Security Concerns In Cloud

Biztech2.com along with Akshay Lamba, Chief Architect and Head-IT Strategy, MTS India analyses how data management and data privacy pan out on the cloud for the telecom sector. He also delves into the cloud model and strategy for the telcos.

What type of cloud model has the telecom industry adopted?

For telecom operators, there are two usage models of the cloud paradigm. The first is for internal consumption and second for external consumption - what an operator takes to the market. The business case for internal cloud deployment is based on operational efficiencies and hence, lends itself primarily to cost control. On the other hand, cloud deployment for external consumption is driven by market consumption and a solid go-to-market focussed business case.

Can one look at data management on cloud, and what would be the security implications for that data?

There are a number of data management product offerings that are available through cloud infrastructure that can complement an enterprise data management strategy. This includes backup in the cloud, virtual desktop instances and enterprise applications on the cloud.

More from Biztech

Future Group - Reliance Retail Deal approved by CCI RBI ban on cryptocurrencies takes effect; prohibition could force investors to tap the black market

There have been teething concerns on data privacy and security of data in cloud. However, most of these concerns can be mitigated through SLAs and contractual obligations on the part of the cloud service provider.

Most cloud service providers currently build service offerings based on a solid foundation of enterprise architecture principles, effective design of the application layer and scalable infrastructure. Hence, data privacy is, and can be, controlled to a large extent through the checks and balances built into the technology stack.

How does data privacy and customer data protection pan out on the cloud for telcos?

With respect to the telecom sector, operators are mandated to adhere to a number of regulations on data privacy and customer data protection. Currently data storage is not done in a cloud environment primarily because of the sheer size and scale of operator systems. The data volume is large and operators must store it for a regulated stipulated time period.

In today’s context, similar to the user application space, cloud services can be used based on private cloud offering for internal consumption by enterprise and operators. For example, organisations can utilise virtual desktop interfaces for its employees. A deployment such as VDI (Virtual desktop Infrastructure) decreases the security risk portfolio in an enterprise since the data resides in the private cloud of the organisation. Risk of the data being lost through portable hardware being carried by employees is mitigated.

What cloud computing strategy would you suggest especially for the telecom sector?

For internal consumption, telecom operators can look at multiple cloud offerings like virtualised desktop interfaces, using cloud for customer services offerings, infrastructure-based services such as backup and recovery and a number of instances of application development and testing platforms.

For external consumption, telecom companies have an opportunity to offer cloud-based services for the three segments of customers – retail, SME and enterprise. The needs of the each segment are distinct and require distinct capabilities in terms of provisioning, billing and customer lifecycle management.

The cloud build strategy for an operator is largely dependent on the customer segment it targets and its medium term data management strategy. Either way – a strong enterprise architecture framework to build on would only add value as the cloud model matures in the marketplace.

What services do you suggest should be offered via the cloud?

When it boils down to services, it depends on the segment. Cloud services for SMEs and larger enterprises need to meet both necessary and sufficiency conditions. Necessary conditions are those where organisations feel that there is an internal need which can be sufficed using cloud. These internal needs are primarily cost factors driven such as central deployment, hardware optimisation and operational efficiencies.

Sufficient conditions are more external in nature and are primarily driven by a valid business justification to use cloud. Depending on their nature of work and services being offered, enterprises can specifically carve out opportunities for leveraging on cloud infrastructure.

How can cloud downtime be avoided?

We live in a world today where no organisation can afford downtime, be it banking, operators, healthcare, infrastructure or logistics. A well architected cloud infrastructure by itself is redundant in nature.

Comparing yester-year’s mainframe-based architectures with today’s cloud framework, the primary difference seen between them is the size of the elemental components- the architecture. Mainframes were mammoth in size and necessitated a central data repository to churn large amounts of data. The same volume of data can be processed on a cloud infrastructure by breaking it down to smaller chunks of data that are processes in smaller elemental servers. As a result of this process, the uptime consideration is actually far superior in a cloud environment.

In the cloud framework there are multiple layers of redundancy. The first layer is local to the infrastructure wherein even if a few servers go down, the resultant load would be counter balanced by idle CPU cycles in the primarily cloud itself. The same holds good for memory or storage. The second layer is with respect to geographical diversity of the backup cloud infrastructure of the service provider. Of course, a well architected cloud infrastructure is just a precautionary measure to avoid downtime across each layer of the OSI model.