Should you entrust your systems management to the cloud?

Balancing the risks

Protecting against web application threats using SSL

Cloud-based security and systems management (CSSM) applications have been going through my lab for testing lately and I find myself seriously weighing their use in production.

Anyone who regularly reads my column knows that I am not exactly the biggest fan of the cloud, but the quality of the CSSM applications I have encountered so far is triggering reconsideration.

The basic reasoning behind using a CSSM is that the on-premises offerings are pretty universally miserable to work with. They are old, creaky beasts with layers upon layers of features and nerd knobs. They are a pig to set up, a pig to maintain and they take crazy amounts of resources.

Worse, the on-premises offerings either flat-out cost too much or the licensing was created by consulting the ghosts of Microsoft licensing specialists past.

Golden oldies

The cloudy stuff is new; as such, it doesn’t have the cruft of the old. Yay for that, but the cloudy offerings also don't have the flexibility of the battered on-premises warhorses. I find myself able to argue on either side of this one.

I have yet to see a CSSM that can match a proper on-premises counterpart, full stop. That said, what good is a CSSM setup, on premises or cloud, if the thing is so convoluted that you never use it?

I will openly admit that while I have set up Microsoft's System Center Configuration Manager several times, I do not use it in production anywhere.

Every time I light it up for a review or prepare a demo for a customer I remember why Past Trevor was so convinced that its developers sup each night on the salty tears of 1,000 broken sysadmins.

I don't have fond things to say about a lot of the other on-premises offerings either. Put a gun to my head and I will admit that I can make the thing go and do what it needs to do, but I'd much rather sign up with a local road construction crew than tangle with that particular piece of software. Around here, they pay about the same.

Count the hours

So if I – someone who at least has the faintest glimmerings of understanding of what this software is trying to achieve – am so frustrated by this stuff, in what rational universe could I expect others to put up with it?

At scale, CSSM applications are amazing tools. You put a few hours of work into a change and hey presto, you can control tens of thousands of systems.

At the SMB end, those several hours spent on configuring, testing and deploying a change could see someone manually make the change on every one of a small company's 100 PCs.

The border between where exactly a full-bore on-premises CSSM setup pays for itself is hazy and company specific. CSSM applications make the financial maths even more difficult to judge.

If a CSSM is easy enough that it actually gets used, even for mundane tasks, then it is probably worth the money spent. If it solves most of your configuration and management needs – but not all – leaving you to do some things manually, is it still worth the money?

What percentage of your configuration needs should it cover before that hulking on-premises behemoth makes sense?

Better than nothing

If you combine it with stuff you already own, such as Active Directory, or alternative deployment technologies, such as Puppet, do you get something that meets all your needs in a simpler and cheaper fashion?

In situations where the competition is nothing at all, I find the CSSM options absolute no-brainers. I can get a client signed up with Intune or GFI Cloud and show them how to use the thing in minutes.

Lots of these people maintain their own systems and just having something – anything – is better than the nothing they have now.

On the other hand, I consult with a lot of mid-sized deployments where tools such as System Center exist – and licences are bought each upgrade cycle – but they simply aren't used. In too many cases it is quicker for the local sysadmins to do it by hand. Here too, I wonder if CSSM apps are the right fit.

Still, I find myself seriously considering a cloudy service. What is more, I find myself considering a cloudy service for which I can probably list quite a few really good tinfoil hat security reasons why I should never consider it.

The value of the service trumps the risks – real and imagined – of it being in the cloud. It begins, dear reader. It begins ®.

Choosing a cloud hosting partner with confidence

More from The Register

next story
Wanna keep your data for 1,000 YEARS? No? Hard luck, HDS wants you to anyway
Combine Blu-ray and M-DISC and you get this monster
US boffins demo 'twisted radio' mux
OAM takes wireless signals to 32 Gbps
Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp
Mountain View distances itself from lame 'network thingy'
Apple flops out 2FA for iCloud in bid to stop future nude selfie leaks
Millions of 4chan users howl with laughter as Cupertino slams stable door
Students playing with impressive racks? Yes, it's cluster comp time
The most comprehensive coverage the world has ever seen. Ever
Run little spreadsheet, run! IBM's Watson is coming to gobble you up
Big Blue's big super's big appetite for big data in big clouds for big analytics
Seagate's triple-headed Cerberus could SAVE the DISK WORLD
... and possibly bring us even more HAMR time. Yay!
prev story


Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.