ComputerWorld.in

Legacy apps in the cloud: Six details worth sweating

By Kevin Fogarty on Jun 26, 2010

A host of substantial problems with porting legacy apps to the cloud will keep most companies from diving in for now, say analysts reporting on weaknesses in the cloud and ISVs trying to fill in the gaps.
But just as important for legacy applications that are often heavily customized and surrounded by cordons of stored procedures, report-generating scripts and security auditing tools, are the smaller issues that aren't obvious immediately, but can stop the show just as effectively as the biggies, according to Bernard Golden, CEO at consulting firm HyperStratus. Here's a look at the details worth sweating.

Visibility Some applications require close monitoring, either by IT people on guard to make sure nothing goes pear-shaped unexpectedly, or by software that keeps track of who uses the application, what data they accessed and what they did with it, according to Chris Wolf, infrastructure analyst at The Burton Group.

This isn't an issue of basic security-limiting either physically or through programmatic limits the number of people who can use software or data. It's the ability to go much deeper-tracking which authorized users actually used the application, when they did, what data they changed or reports they generated, and who used those reports or data afterward, Wolf says.

That kind of control is ridiculous if you're talking about Google mail. But it's not only critical, it's required by law if you're talking about software for finance or customer management. Unfortunately, most of the network- and application-access protocols those tracking applications use don't work across the Internet, or have been turned off by cloud providers worried about customer privacy and security.

If you want to see and be able to report, reliably, on who has been using your data and applications, be sure your cloud provider can either build in a gateway for your security tracking, or provide a mechanism within its own environment to track and report what's going on in your part of the cloud, analysts say. Even if your cloud provider does offer strong security assurances, how well those assurances will stand up to audit-at least for now-may boil down to how well your auditor understands virtualization and the cloud, virtualization security experts say.

Tagged as: