Hybrid cloud security & cloud readiness
In this 3-part blog series, Systal’s CTO John Bidgood shares his experience on the most common questions we hear on the challenges and pressures that senior managers face when implementing a hybrid cloud infrastructure. Part I considered common mistakes and pressures of adopting a cloud infrastructure. In this post (part II) we’ll look at hybrid cloud security & cloud readiness – the connected security aspects of implementing a hybrid cloud structure, and how you can prepare for hybrid-cloud.
Hybrid cloud is causing senior IT managers to reconsider the way that security is implemented, but it doesn’t change the underlying methodology. They still need to own the overall security policy and to make sure that hybrid cloud is compliant with that policy, much like running an IT operation without hybrid cloud. Therefore, the basic requirement is still to confirm an overall corporate security policy and use it to outline what is needed to meet business compliance requirements.
But how do you build trust around something you don’t own? When your assets are split across public and private cloud, security becomes more complex because you cannot claim full control over assets that you do not own.
This means there should be more focus on the workloads, how users connect, and which digital platforms they are using, in order to determine the security segregation model. For example, if a large number of users connect via third-party platforms or internet connections, it may be better to treat all users as ‘untrusted’ to preserve security.
User policies that focus on ID/password management may mean supporting a single Active Directory, with the resulting integration and administrative requirements.
However, these users will rarely connect to a single cloud and will probably still connect to some traditional IT services, for example in existing co-location or datacentre locations. Therefore, it makes better sense to build a “trusted” zone of interconnectivity between an IT operation’s hybrid cloud and the classic IT services in those datacentres, whilst treating remote connectivity for users and their connected devices on the “outside” as untrusted.
This will require the correct physical placement of, for example, firewalls. This is important because you do not want to impact the capacity and performance required from the network to interconnect users, multiple clouds and classic IT systems.
Ready for Cloud
To be ready, we recommend IT managers confirm what their hybrid cloud requirements are and what they need to support application hosting.
This ‘application first’ hosting policy should be based on economic considerations combined with the service and security constraints dictated by the business-critical applications.
Using this model, we can see that:
- Private cloud is ideal for predictable workloads and custom SLAs for critical business applications (e.g. data backup and internal databases), with resources planned and added as needed to accommodate expected growth.
- Public cloud is better where greater elasticity is needed for unpredictable workloads (e.g. digital and IoT applications), where applications can be standardised to run on commoditised platforms with common SLAs.
- Classic IT datacentre or co-location environments are for when there is no “cloud” migration option, i.e. when legacy IT compute and storage platforms are running key business applications.
To integrate the cloud and datacentre environments, we recommend forming an end-to-end architecture.
This architecture is based on a standardised set of repeatable physical and virtualised templates that can be used to meet the performance, capacity, agility, resilience and security requirements demanded by the business.
These repeatable templates are turned into a service catalogue of desired features. This catalogue will support the applications, network, security components, compute and storage components wherever the users and hosts reside.
This architecture can then be assessed against the current state using a gap analysis. The gap analysis will recommend areas of change, prioritised against the business and service objectives, to implement the required upgrades whilst still making the most of the current IT investment. The primary objective should be not to introduce anything into the operation that is not needed.
As the operation grows in size and complexity, the service catalogue may be increasingly automated over time. An “orchestrator” may be used, for example, to deploy multiple virtual components in software, or appropriate analytical software may be used to automatically predict and upgrade resources from a capacity or performance perspective.
In our final post in the series, we’ll cover John’s top tips and predictions for the future of cloud. If you are interested in deploying a hybrid cloud strategy for your business or would just like to find out more about what we do – get in touch with us today.