Not “One Cloud”: Nuanced definition critical to understanding risks & mitigation
Cloud describes the evolutionary development of many existing technologies and approaches to computing that separates application and information resources from the underlying infrastructure and mechanisms used to deliver them. This separation of resources from infrastructure combined with a utility-like, elastic allocation model creates a compelling model for Internet scale computing.
For Software as a Service (SaaS), perform regular data extractions and backups to a usable format
For Infrastructure as a Service (IaaS), deploy applications in runtime in a way that is abstracted from the machine image.
For Platform as a Service (PaaS), careful application development techniques and thoughtful architecture should be followed to minimize potential lock-in for the customer. “loose coupling” using SOA principles
Understand who the competitors are to your cloud providers and what their capabilities are to assist in migration.
Virtualized operating systems should be augmented by third party security technology.
The simplicity of invoking new machine instances from a VM platform creates a risk that insecure machine images can be created. Secure by default configuration needs to be assured by following or exceeding available industry baselines.
Virtualization also contains many security advantages such as creating isolated environments and better defined memory space, which can minimize application instability and simplify recovery.
Need granular monitoring of traffic crossing VM backplanes
Provisioning, administrative access and control of virtualized operating systems is crucial