All posts by ianfinlayabiquo

How a hybrid cloud architecture stops the data loss and shadow IT threat

(c)iStock.com/Erik Khalitov

Cloud computing continues to evolve at a fast pace, while having a large impact on modern businesses.  Many organisations are considering or trialling cloud adoption, with Gartner predicting cloud computing as one of the 10 strategic technology trends for 2015, once again, showing its continuing momentum.

Cloud provides organisations with many benefits, such as the potential to reduce costs while increasing value by allowing the more efficient use of IT resources. It also has the ability to increase capacity while reducing the need to purchase capital equipment. Whilst there are many benefits, there are also some concerns around protecting data and applications from any possible vulnerabilities and threats, including shadow IT.

Cloud migration

Many believe that migrating data from existing data centres to the cloud means foregoing security, data ownership and weakening internal controls and audit trails. With a private cloud, data should be as secure as it is in an existing data centre, while with public and service provider clouds, security can be assured if sensible precautions are taken. However, the problem is that many migration projects are often rushed or not completed properly due to pressure from the business to simply ‘get it done’.

Before any migration project, it’s important to understand the current business environment, why data and applications need to be migrated and to examine any configuration requirements, particularly around the definition of user and system roles which are often far too broad in a traditional data centre setup. Organisations can do this by conducting a full audit and clean-up of the organisation’s security environment before starting the migration progress. This should include scope-based and role-based access requirements – in other words, who needs access to what and what they can do to it.

The easiest and most secure way to migrate data is through a two-stage migration process. This means attaching non-virtual, physical, existing servers to cloud storage – treating this as storage-as-a-service – then migrating the compute workload as and when the business is ready.

Shadow IT

IT departments no longer have control over all IT solutions implemented within the organisation, in fact their control risks being reduced as increased business flexibility is demanded. A shadow IT ecosystem has emerged where every single employee has the potential to act independently from the IT department, implementing cloud applications that may be convenient to them, but could pose a significant threat to their organisation’s information security and availability, potentially impacting its customers and consequently its revenue.

In some cases, customers may leave if you have a sustained outage or loss of client data. In turn, if end-users who’ve deployed rogue cloud apps leave, taking passwords with them, the enterprise can become locked out of their account. If this were to happen, the loss of client data or, more importantly, the loss of enterprise data presents a real risk to both reputation and security.

Enterprises can mitigate some of the issues of shadow IT by adopting hybrid cloud architecture. This provides the flexibility demanded by business units while also being structured and secure, maintaining control and assuring data governance. As enterprise IT evaluates the best technical approach for hybrid IT management, it’s vitally important that the speed, flexibility and agility drawing end users to public clouds in the first place be preserved in the hybrid model. Although you can’t be 100 per cent sure that the information you store on the cloud is safe, you can use these protective measures in order to make sure it is as secure as possible.

How vendors are building data centres to protect customers and how this affects compliance

(c)iStock.com/4x-Image

European service providers are currently busy with the creation of multiple data centres, yet in an effort to ensure customers are able to access their data in the locations they are looking for many are being left at risk of having to return to manual provisioning. This is a pitfall providers need to avoid and, to do so, will need to consider how they can offer self-service to their customers, with the choice of data location built-in.

Offering a choice of VM template, but no choice as to where to deploy it, means that data sovereignty for cloud solutions providers not only goes out the window, but can become a serious issue. This is where best of breed cloud orchestration solutions come into play. Offering customers both the choice of VM template and also where to deploy it, best of breed cloud allows cloud providers to create a range of more personal and flexible services for their end customers.

But these end customers need more than just the choice of location; they require a full set of reports across all the cloud infrastructures they use. These requirements are driving many customers to consider their own private, hybrid cloud platforms in an attempt to gain the control they demand. Not only will this allow them to choose if they should set-up a virtualised infrastructure in their data centre of choice, but also to use public clouds when appropriate. Alongside this, a useful by-product is support for DevOps as a strategy – one hybrid cloud platform for all clouds means one API for all clouds too!

How can organisations successfully negotiate the challenges of cloud computing?

Cloud computing provides organisations with many benefits, for example  the potential to reduce costs while increasing value with a more efficient use of IT resources and the ability to increase capacity while reducing the need to purchase capital equipment (servers, networking equipment etc.). These both allow enterprises to push that cash back into the core business.

It’s important for businesses to have a clear understanding around the use of cloud computing technology in order to implement an effective cloud strategy. Organisations must review their existing enterprise IT assets and ensure there is potential for cloud computing to bring value, which is specific to an organisation’s business processes and their existing way of doing IT. Most enterprises will find that cloud computing can solve many existing efficiency issues and moving to cloud computing will provide clear and measurable value.

Arguably however, the most vital decision an organisation has to make on the journey to successfully navigating cloud computing is to decide whether hybrid cloud is a key part of an IT strategy, or whether IT should be put in the hands of a trusted provider.

Once this decision has been made, organisations then need to look at their IT systems and decide which are truly critical and, for the ones that are, what the compliance requirements are. It’s at this point that an organisation should be able to decide which would be more beneficial; running a private hybrid cloud platform, or outsourcing to a provider offering a true hybrid cloud solution.

An organisation must remember to ask itself however; how can it get the data in and out of its chosen cloud or clouds? This should be a vital part of the thought process when making the final decision on a desired cloud platform.