Building a secure hybrid cloud
In a day and age when the words digital transformation and cloud have become household names, businesses of all shapes and sizes are jumping on the bandwagon to cloud-enable their business applications. That sounds great as part of a dinner conversation; however, when the CIO needs to request funding for such a project, there must be a valid business case to get it approved.
One major driver of cloud technology is cost reduction. Cloud applications require little to no upfront investment, versus legacy on-premises solutions that require dedicated servers, operating system licenses, and possible back-end database licenses. For legacy applications, you pay the entire cost upfront as a capital investment, plus a possible monthly support cost. As time goes on, the software and the platform become outdated, and you need to pay for costly upgrades to keep up with the latest security updates and product feature sets. With cloud applications, however, you pay a low monthly service charge that is reported on the balance sheet as an operating expense, and usually includes support and upgrades.
For on-premises solutions, your own IT staff is responsible for their operation. This means that you need to hire new staff and/or train existing staff to take on this new responsibility. This presents an added cost to your organization. With cloud, however, the provider manages everything. You just click a few buttons on a web page and the job gets done.
As so eloquently said by Bola Rotibi, Research Director for CCS Insight, on a recent IBM IT Infrastructure webinar titled Secrets From the C-Suite: Building a Secure Hybrid Cloud: “As we think of the digital technologies transforming the way we live, work, rest and play, cloud presents a multitude of opportunities to operate and innovate more cost effectively and efficiently.”
Another major driver of cloud-based technology is business continuity. If all your computing assets are stored in a single location which then experiences an extended power outage, phone service or internet outage, natural disaster, or terrorist attack, your business essentially grinds to a halt. Many larger organizations invest in constructing and maintaining multiple data centers for just that reason. For most small businesses, this added cost is beyond their capabilities. Cloud technology removes this challenge by placing the business continuity requirement entirely on the provider.
Along the same lines as business continuity, cloud’s ubiquity gives businesses a competitive advantage over companies that still rely on legacy on-premises hardware-based solutions. Case in point: I recently worked with a company that had the phone lines at one of its locations go down. It took 3 days for 2 different phone companies to figure out whose fault it was and then finally fix the problem. During those 3 days, a busy office was completely down with no phone service whatsoever. This kind of service level might have been acceptable in 1992. However, in the 2020s that’s beyond unacceptable. A cloud communications provider with a guaranteed service-level agreement would have ensured that such a serious outage would never happen.
Now, one might argue that this sounds good in theory. However, a small business that manufactures designer bathroom tiles doesn’t have the same needs or security requirements as a large healthcare provider or global investment banker. You can’t just put your customers’ financial portfolio onto public cloud providers! If your public cloud provider gets hacked, the damage to your business can be fatal! This is what hybrid cloud computing is all about. With hybrid cloud, your sensitive data and critical workloads remain under your control inside your on-premises private cloud, whereas your less sensitive or critical workloads can be redistributed to the public cloud provider of your choice.
One important consideration when migrating applications to the cloud is security. On the previously mentioned IBM IT Infrastructure webinar, Elisabeth Stahl, IBM Garage Distinguished Engineer, talks about encryption and how organizations think about it. Elisabeth Stahl stated that surprisingly, “a very small percentage of enterprise systems are actually encrypted.” She explains that while many organizations encrypt their data, they don’t do so from a holistic point of view. This means that important data gets encrypted and non-sensitive data doesn’t.
Now, if you were a hacker who just discovered a cache of encrypted data among a whole bunch of non-encrypted data, what would be your first thought? You guessed it! That’s the data you’re going to go after and try to break into. By selectively encrypting your data, you’re actually doing yourself a disservice. Elisabeth goes on to discuss a framework called pervasive encryption, “Where you’re really saying you need to easily be able to encrypt all, everything that you have. End-to-end holistically.”
IBM IT Infrastructure has a great resource on their website for businesses that are looking for ways to educate themselves on security. The eBook is “Seven steps to make secure IT infrastructure a business priority”, and can be accessed here.
In conclusion, there are many different drivers for cloud-based technology. There are also many different options and configurations from which to choose. Regardless of your choice, cloud security should be a central part of your overall digital transformation strategy, and not tacked on later as an afterthought.