Risk management depends on knowing what the risks are, how likely they are to change from risk to reality, and the steps that will reduce or eliminate them. The more knowledge a business has of its infrastructure, the better it’s able to manage its risk exposure. Public cloud platforms by their nature allow limited knowledge of the infrastructure layer.
Although no one would argue that virtualized cloud platforms fail to offer convenience, that convenience comes at a cost in knowledge.
Public virtualized clouds are multi-tenant environments that restrict insight into the underlying hardware. For virtualized platforms to offer anything approaching information security for their clients, separation between the bare metal, the hypervisor layer, and the virtualized infrastructure layer must be extremely rigid to reduce the risk of information leakage between tenants using the same hardware.
For that reason, and to promote portability and versatility, users of virtualized cloud platforms have no knowledge of anything happening beneath the virtualized infrastructure. Cloud service providers do not divulge detailed information about their processes, operations, controls, and methodologies.
That’s not a good situation from a risk management perspective; it becomes impossible to determine risks and the likelihood of those risks becoming an issue, and users have no recourse for risk mitigation and elimination.
Bare metal clouds, on the other hand, offer many of the benefits of virtualized clouds for workloads that require high-performance infrastructure, with the added benefit of being substantially more amenable to thorough risk analysis.
Let’s consider two common risk analysis scenarios and compare the transparency of virtual cloud and bare metal cloud platforms.
The cost of failing to comply with national and local regulatory requirements governing the management of personal, financial, and medical information can be considerable. Companies handling sensitive data require awareness of their information security environment and their level of potential risk exposure. As we’ve previously discussed, it can be difficult or impossible to achieve the necessary breadth of knowledge when using public cloud platforms.
Bare metal clouds are essentially clusters of dedicated servers with a control layer. Each BMC is private; bare metal clouds are not multi-tenant environments in the first instance (although shared environments can be built on BMCs). Users of bare metal clouds can see “all the way down.” There is no hidden layer, which makes comprehensive risk awareness and mitigation achievable.
Performance and Reliability Risks
For businesses that depend on their technological infrastructure, failures, performance degradation, and downtime are to be avoided at all costs. The lack of insight into the specific systems underlying public cloud platforms means businesses have no knowledge of the likelihood of performance issues or downtime. The cloud is a platform built on fallible technology, usually pushed to its design limitations to maximize utilization and minimize costs. There is simply no way to properly assess risk in this area. Cloud vendors can hedge risk with service level agreements, but that’s a poor substitute for the ability to identify risks and implement mitigation processes.
Bare metal clouds offer a superior performance and stability profile because they don’t employ a virtualization layer, but they are also built on fallible technology. The difference is that organizations are able to gauge the risks properly because they are able to accurately assess the hardware and network infrastructure.
Of course, risk management is a form of management, not an idealized process of risk elimination; it recognizes that risks are to be balanced with other factors and that sometimes completely eliminating risks is impossible and undesirable – no one can be omnipotent. Public virtualized clouds may have a role to play in scenarios where potential risks are balanced by convenience or cost benefits. But for applications handling sensitive data, or those that are performance-dependent, the risk of not knowing what’s happening under the hood frequently outweighs the potential benefits of virtualized cloud platforms and calls for the use of bare metal clouds.