Cloud computing is here to stay, with many credit unions either actively adopting it or at least considering it in some form. One aspect of cloud computing that credit unions constantly underestimate is connection bandwidth. We have been accustomed to LANs at 100Mbps, and many of us even at 1Gbps, for quite a while now. We connect to our servers at that high speed and the data moves across our LAN almost instantaneously.
Now we are moving our servers to the cloud and we forget that this means we are connecting to them via our Internet link, which is rarely fast, and almost never 100Mbps. So, one tip – when you move your servers to the cloud, consider how relevant access speed is for your users; if it is very relevant, keep the server in-house until you can guarantee a very high-bandwidth Internet connection.
Another aspect of the same issue is continuity of service. We move to the cloud because this guarantees redundancy and continuity of service, but we forget to get a second Internet link for our own LAN. So if our ISP connection goes out and we lose connectivity to our servers “in the cloud”, how is our productivity impacted? Either get a secondary ISP, or don’t move to the cloud the servers that are fundamental to your users’ productivity.
There are several products that guarantee remote access to the cloud servers without the need for a VPN. I cringe every time I see that. None of these products can guarantee the same level of access security for credit unions as a VPN. It is not only a matter of encryption; rather, it is a matter of identification, credentials and access control.
An SSL VPN connection requires a private certificate and key – that is strong authentication. An application like RDP simply requires a login ID on the server and an open port in the firewall. Hence the security of your server at that point is only as strong as your weakest password. Remember, hackers have all the time they want and know all the tricks. You expose a login ID to them and sooner or later they’ll find a way in.
Networking in the cloud is rather simple – usually it ends up being a small subnet with a handful of servers connected to a virtual switch, behind a virtual firewall, connected to a virtual router.
One thing I would recommend – ensure your servers are not in any way accessible from any other subnet that doesn’t belong to you. This may come as a surprise, but there are hosting companies that do not properly enforce this elementary aspect of networking and lump many servers on one subnet even if they don’t belong to one customer!
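The two exposures described above (a login service such as RDP reachable through an open firewall port, and servers reachable from a subnet that is not yours) can be checked against an exported list of the virtual firewall's inbound allow rules. This is an added example, not part of the original article; the rule format, the addresses, the SSL VPN port (443) and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: subnets that belong to you (constructed private/documentation ranges).
OWNED = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "198.51.100.16/28")]
# Assumption: the VPN gateway is the only host meant to face the Internet.
VPN_GATEWAY = ipaddress.ip_address("10.20.0.1")
VPN_PORT = 443
# Login services that should never be exposed directly (RDP per the article; SSH added).
LOGIN_PORTS = {3389: "RDP", 22: "SSH"}

# Constructed sample of inbound "allow" rules: (source CIDR, destination IP, port).
RULES = [
    ("0.0.0.0/0", "10.20.0.1", 443),       # SSL VPN on the gateway
    ("0.0.0.0/0", "10.20.0.10", 3389),     # RDP open to the Internet
    ("10.20.0.0/24", "10.20.0.10", 3389),  # RDP from your own subnet
    ("10.20.1.0/24", "10.20.0.11", 445),   # a neighbouring tenant's subnet
    ("10.20.0.0/23", "10.20.0.12", 22),    # mask too wide: also covers the neighbour
]

def is_owned(source):
    """True only if every address in the source range lies inside an owned subnet."""
    return any(source.version == net.version and source.subnet_of(net) for net in OWNED)

def audit(rules):
    """Return (source, destination, port, reason) for each rule that breaks isolation."""
    findings = []
    for src, dst, port in rules:
        source = ipaddress.ip_network(src, strict=False)
        if is_owned(source):
            continue
        if ipaddress.ip_address(dst) == VPN_GATEWAY and port == VPN_PORT:
            continue  # the intended public entry point
        if port in LOGIN_PORTS:
            reason = f"{LOGIN_PORTS[port]} login reachable from outside your subnets"
        else:
            reason = "server reachable from a subnet that is not yours"
        findings.append((src, dst, port, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(RULES):
        print(*finding, sep="  ")
```

The last sample rule is the easy one to miss: a /23 source looks like your own range but also admits the adjacent /24.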
Pierluigi Stella is chief technology officer at Network Box USA in Houston, Texas.