Businesses can ensure the security of cloud services, such as external data storage and applications, and enforce business control policies by employing virtualisation architecture, says virtualisation equipment and systems company VMware South Africa director Chris Norton.

Companies can leverage their own infrastructure, namely servers and computing power, to deploy their own cloud services and link these securely with external, scaleable cloud services when required, while maintaining business control, he says.

“Companies have already invested in people, processes, infrastructure and equipment to deploy and maintain their networks. Further, while cloud services enable easy scalability and cost reduction, the centralised control of private networks is imperative to ensure business compliance, security and accountability,” says VMware Northern Europe VP Matt Piercy.

To meet the disparate demands on informatiuon technology (IT) departments in com- panies, VMware proposes a hybrid cloud model, which entails that companies leverage their IT investments by virtualising their data servers, networks and computing power to deploy a cloud under their control, says Norton.

However, company policies for security of information and data processing should track data into other companies that provide outsourced cloud services. This will ensure that security and control remain high and the business remains compliant with regulatory and shareholder rules, says Piercy.

Service-level agreements stipulating security and access policies can be negotiated with service providers, and international best practice cloud security standards exist, says business IT systems provider Business Connexion chief technology officer Andrew Brauer.

Companies should, however, retain core and critical information and use the cloud for noncore functions, as well as encrypt data, notes Piercy.

Further, lists of identified applications that employees can use would ensure the safe use of internal and unsecured, external applications, such as widely used cloud storage application Dropbox.

“Individual experiences and familiarity drive the uptake of applications, devices and cloud functions in companies. However, the central management of policies and security across platforms and devices is important and possible by using automated and virtualised systems. These policies will encompass the generation and distribution of data, the use of different devices, technologies and applications, as well as accessibility management.

“In the near future, portals and policies will be employed to determine the security and accessibility profile of users, who increasingly demand to be in control of which applications, devices and platforms they use, while also ensuring central IT management and control by the company,” notes Piercy.

Companies will also seek to build and deploy their own applications and there is an increasing demand for self-service portals, which also gives control back to the companies, says Brauer.

“Vendor lock-in is rapidly decreasing and companies must increasingly control software scattered across different virtualisation layers. Expanded policy-driven automation will be employed to enable an IT department to manage this. Back-end functions will also become more automated and policy-driven,” he says.

Virtualisation and cloud services can enable small and medium-size businesses to leapfrog technology gaps, compared with large corporations. Large companies can, however, use cloud services to provide scope for easy expansion or contraction and move from a deterministic capital expenditure model for the deployment of IT systems to a more flexible operating expenditure model, concludes Norton.

To subscribe to Engineering News's print magazine email subscriptions@creamermedia.co.za or buy now.