System and Infrastructure Lifecycle Management for the Cloud
In this chapter, we examine how traditional lifecycle management techniques can be applied to cloud deployments. We consider how traditional lifecycle management processes require some adaptation for the cloud and discuss the notion of handoff—where a customer's own processes end and a provider's processes begin. We suggest how you can verify that your lifecycle controls are indeed practical and being followed. And we briefly touch on the distinct challenges that cross-cloud deployments present. First, though, we need to introduce (or perhaps reinforce) the notion of tradeoffs.
Every Decision Involves Making a Tradeoff
You might not realize it, but you make tradeoffs every single day of your life. In many cases, these are security tradeoffs that we fail to realize have any relation to security or the notion of exchanging one thing for another. For example, consider bulletproof vests. They have a very valuable security function: They save you from getting killed by gunshots. So why didn't you put one on before you walked out of your house this morning? The likelihood of you getting shot is greater than zero percent, wouldn't you agree? So shouldn't you take every precaution possible to minimize that likelihood even more?
The reason you don't wear a bulletproof vest every day is because you realize, intrinsically, that while stray bullets strike victims with some regularity, the likelihood of any ...