The emergence of hyper-scale public cloud services has created an extraordinarily valuable pool of scalable, elastic, on-demand compute that is easily accessible and carries the potential to benefit IT operations of all stripes. Even though these platforms have been around for several years, a sizable portion of CIOs still avoid the public cloud, even though it would likely minimize cost and expedite time-to-market for several of their applications. So, why are we avoiding it in the first place? According to Gartner, security concerns persist as the most commonly cited reason for avoiding public cloud; however, experts do not see cloud providers as points of weakness. In fact, the hyper-scale platforms’ underlying infrastructure is likely more secure than the infrastructure that enterprises manage themselves. It is still up to the user, though, to ensure access and authentication are secure.
So, if public clouds are not insecure in themselves, why not throw all workloads onto one of the major platforms? Naturally when you’re consuming IT “by the drink”, the incremental cost for compute is more expensive than racking and stacking physical servers. You’re paying a premium for the elasticity, so you’ll need to carefully discern which workloads would prosper in such a flexible environment according to your business-specific imperatives – and let’s be honest, it’s not an easy task!
The cloud itself may be secure, but when you have workloads deployed inside and outside of the cloud, also known as hybrid IT, the connections in between the execution venues introduce new vulnerabilities. Several of the recent high profile attacks – including the highly publicized WannaCry ransomware – took advantage of the lateral traffic between the disjointed architecture that makes up holistic hybrid IT environments, which typically consist of a mix of proprietary data centers, colocation environments and public cloud resources.
This may sound scary, but with the right expertise and tools, leveraging a mix of public cloud and traditional resources may leave you more secure. Let’s start with protecting the lateral connections that link the public cloud to your other environments. The ideal solution would identify a carrier that can provide private connections to your hyper scale cloud provider of choice to avoid the public Internet and all its malicious actors. If an adversary cannot access the connection, they simply cannot hack it. Also, it’s best to find a direct connection that avoids congested peering hubs to minimize latency and maximize performance, so the end-user has no idea that their workloads are physically residing in different places. The best way to ensure you secure the right connectivity, ideally with redundant providers, is to deploy your traditional workloads in a colocation facility where the data center provider (enter DataSite) can help identify the best carriers from their ecosystem of networks to serve the specific and unique needs of your strategy.
When it comes to securing the cloud itself, users actually have less responsibility for protecting the stack than in traditional IT. When you spin up a virtual machine in the public cloud, the underlying infrastructure is secured by best-in-class technology and practices. It is up to you to secure anything you put on the server. Every cloud provider makes it very clear what they handle when it comes to security and what falls on your shoulders. The majority of your burden will involve assigning rules and managing governance. Luckily, the prominence of the major hyper-scale cloud providers has attracted a plethora of third-party security applications developed exclusively for these platforms. The major clouds have recognized the magnitude of innovation their platforms have attracted and set up marketplaces for these services, so they can easily be overlaid on top of the core offerings. Combining a suite of third-party services into comprehensive security requires experts who are familiar with each of the major cloud platforms and the best-of-breed third-party security options within their various ecosystems.
Many CIOs are particularly skittish about keeping track of all their IT resources when an abundance of virtual machines is constantly being spun up and torn down. But, in most cases, their fears are very much off base. The virtual nature of the cloud actually makes it easier to have real-time visibility into how each compute and storage resource is being used. Additionally, cloud providers maintain logs of all activity, which allow for real-time automated auditing, something that is impossible when you are dealing with physical machines.
The truth is, the cloud doesn’t get in the way of comprehensive policy enforcement; it facilitates it.
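To make the point about automated auditing concrete, here is an added example that is not part of the original post and not DataSite's own tooling: a small policy auditor run over constructed audit-log records. The records are invented and use a simplified, CloudTrail-like JSON shape (field names such as `eventName`, `awsRegion`, `userIdentity` and `requestParameters` are assumed for illustration; the nesting is flattened compared with real provider output). The three rules (approved regions, sensitive ports opened to the whole Internet, and state-changing actions performed without MFA) are hypothetical governance checks of the kind the text refers to.

```python
"""Policy audit over constructed cloud audit-log records.

The sample records are invented and use a simplified CloudTrail-like shape;
they are not real provider output. The rules are hypothetical examples of
governance checks that can run continuously over provider activity logs.
"""
import json

# Hypothetical policy: regions where instances may run, and ports that must
# never be reachable from the whole Internet.
APPROVED_REGIONS = {"us-east-1", "us-west-2"}
SENSITIVE_PORTS = {22, 3389, 3306}
# State-changing actions; performing them without MFA is flagged.
MUTATING_ACTIONS = {"RunInstances", "AuthorizeSecurityGroupIngress",
                    "PutBucketPolicy"}

# Constructed sample log lines, one JSON record per line.
SAMPLE_LOG_LINES = [
    json.dumps({"eventTime": "2017-06-01T10:00:00Z", "eventName": "RunInstances",
                "awsRegion": "us-east-1",
                "userIdentity": {"userName": "alice", "mfaAuthenticated": "true"},
                "requestParameters": {"instanceType": "t2.micro"}}),
    json.dumps({"eventTime": "2017-06-01T10:05:00Z", "eventName": "RunInstances",
                "awsRegion": "ap-southeast-1",
                "userIdentity": {"userName": "bob", "mfaAuthenticated": "false"},
                "requestParameters": {"instanceType": "m4.large"}}),
    json.dumps({"eventTime": "2017-06-01T10:10:00Z",
                "eventName": "AuthorizeSecurityGroupIngress",
                "awsRegion": "us-east-1",
                "userIdentity": {"userName": "alice", "mfaAuthenticated": "true"},
                "requestParameters": {"groupId": "sg-example", "ipPermissions": [
                    {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                     "ipRanges": [{"cidrIp": "0.0.0.0/0"}]}]}}),
    json.dumps({"eventTime": "2017-06-01T10:15:00Z", "eventName": "DescribeInstances",
                "awsRegion": "us-west-2",
                "userIdentity": {"userName": "carol", "mfaAuthenticated": "false"},
                "requestParameters": {}}),
    json.dumps({"eventTime": "2017-06-01T10:20:00Z",
                "eventName": "AuthorizeSecurityGroupIngress",
                "awsRegion": "us-east-1",
                "userIdentity": {"userName": "alice", "mfaAuthenticated": "true"},
                "requestParameters": {"groupId": "sg-example", "ipPermissions": [
                    {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                     "ipRanges": [{"cidrIp": "0.0.0.0/0"}]}]}}),
]


def audit_event(event):
    """Return a list of (finding, detail) pairs for one decoded record."""
    findings = []
    name = event.get("eventName")
    identity = event.get("userIdentity") or {}
    params = event.get("requestParameters") or {}

    # Rule 1: instances must only be launched in approved regions.
    if name == "RunInstances" and event.get("awsRegion") not in APPROVED_REGIONS:
        findings.append(("unapproved-region", event.get("awsRegion")))

    # Rule 2: no sensitive port may be opened to 0.0.0.0/0.
    if name == "AuthorizeSecurityGroupIngress":
        for perm in params.get("ipPermissions", []):
            lo, hi = perm.get("fromPort", 0), perm.get("toPort", 65535)
            world_open = any(r.get("cidrIp") == "0.0.0.0/0"
                             for r in perm.get("ipRanges", []))
            exposed = sorted(p for p in SENSITIVE_PORTS if lo <= p <= hi)
            if world_open and exposed:
                findings.append(("world-open-sensitive-port", exposed))

    # Rule 3: state-changing actions require an MFA-authenticated session.
    if name in MUTATING_ACTIONS and identity.get("mfaAuthenticated") != "true":
        findings.append(("mutation-without-mfa", identity.get("userName", "unknown")))

    return findings


def audit_log(lines):
    """Decode each JSON log line and collect findings into a flat report."""
    report = []
    for line in lines:
        event = json.loads(line)
        for kind, detail in audit_event(event):
            report.append({"time": event.get("eventTime"),
                           "action": event.get("eventName"),
                           "principal": (event.get("userIdentity") or {}).get("userName"),
                           "finding": kind,
                           "detail": detail})
    return report


if __name__ == "__main__":
    for row in audit_log(SAMPLE_LOG_LINES):
        print(f"{row['time']} {row['principal']:<6} {row['action']:<30} "
              f"{row['finding']} {row['detail']}")
```

On the constructed input the auditor raises three findings: bob's launch in an unapproved region, the same launch performed without MFA, and alice's rule opening port 22 to the world; the read-only call and the port 443 rule pass. In a real deployment the same function would be fed from the provider's log delivery stream rather than a list of strings, which is the real-time, automated auditing the text describes.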
A hybrid IT environment that takes advantage of the innovation the public cloud attracts could be safer than a traditional environment. But without experts who know the right connectivity providers and third-party security vendors within the cloud ecosystem, you will find yourself vulnerable.
DataSite will soon launch Atmosphere, a consulting arm that will guide your full journey to the cloud. Our experts will help you identify which workloads should be in the cloud, procure private networks to safely and quickly interconnect with the cloud, and select best-of-breed security products from the vast cloud marketplaces to ensure you are running the safest, most cost effective, cloud-enabled hybrid IT environment. Stay tuned…