Enterprise Clouds Demand Enhanced Security and Availability
Security and availability are top-of-mind IT concerns about enterprise clouds – and transferring enterprise workloads to hybrid clouds.
I’ve said it before, and I’ll say it again – security and availability are not going away just because we’re in the age of cloud computing. Rather, customers must evaluate their on-premises requirements for both security and availability — and they must take steps to match those levels throughout the hybrid cloud, working together with their cloud service providers (CSPs).
- Security must be assured for all workloads and data. That can be achieved by means of encryption and user authentication – and by 360-degree planning by IT and business managers that evaluates all aspects of end-user access to data.
- Availability of data, via the avoidance of data breaches, must be assured, although the technology for achieving high availability (HA) will be different – and more distributed – in cloud computing.
- All of the largest cloud service providers are including enterprise-level security/availability discussions their presentations and announcements.
Layers of Security
First, let’s look at security. When cloud computing was introduced in the late 2000s, multiple “layers” of security had to be in place before data and applications could be transferred to cloud service providers (CSPs). That is true today — and enhanced security is now the expectation of customers migrating workloads from the enteprrise data center to the cloud.
Assurances about data locality (e.g., data staying within a geographic region) had to be made – to make sure that data could not be compromised or tampered with if it traveled beyond the bounds of geographic regulations. Today, all of the major coud service providers (CSPs) have cloud data centers within each major region: North America, EMEA, Asia/Pacific and Japan.
Data access has spurred large amounts of redevelopment and re-writing of older application code. Access could be granted by the user “roles” within the organization, determined by job type – and user IDs required better means of access (e.g., better passwords, biometrics, encryption standards).
The need to replicate data across multiple “regions” of cloud computing posed another challenge for cloud service providers. But data has to be replicated – at least three times – in order to ensure availability of data, even in data fails or is corrupted within any one region or domain. Today, a three-fold replication is the de facto standard — and sometimes data is replicated more than that. So, data location and data-copying represent another sphere of attention for data security.
SLAs for Availability
Data availability and application availability are the “companions” of achieving security in cloud computing. Security cannot be assured unless availability considerations have been attended to. Today, there are multiple ways to ensure availability, multiple ways to make sure data will be available, with little delay, when needed.
Traditionally, availability was achieved within a single, scalable system – or through failover within a cluster of servers. Those methods ensured that data was always available on alternate resources (server or storage), in the event of a system failure on any given section of the IT infrastructure. That approach worked well inside an enterprise data center, where specific workloads were assigned to named clusters.
Today, failover has been joined by other computing techniques – cloud-style storage, data replication to multiple “regions” of the cloud and “sharding” of large databases, housing segments of the data across many servers and data stores in the cloud. Sharding is being widely adopted within cloud service provider (CSP) infrastructure – where scale-out databases, running across many server “nodes,” became the norm in recent years. All of these approaches – inside a single system, within a cluster, and distributed across a hybrid cloud – ensure that a full dataset can be recovered, even if specific server or storage devices go offline.
The advent of cloud storage has allowed new types of data storage and availability. Key to effective and efficient cloud storage is advanced systems management software that farms out data to multiple resources. Importantly, advnaced systems management software provides a unified view of data resources across a hybrid cloud. Software-defined storage (SDS) often uses these types of systems management software, running on large numbers of virtualized storage devices.
Where You Stand In the Network Determines Your View of the Data
Hybrid cloud computing, linking enterprise and cloud data centers, is being widely adopted by customers. It is a pragmatic step into the world of cloud computing, while retaining legacy and critical systems within the enterprise data center.
That’s why the largest cloud service providers (CSPs) are increasingly focused on optimizing both security and data availability for hybrid clouds.
Most large enterprises have “inherited infrastructure” and aging business applications – some as much as 20 to 30 years old, or more. Many enterprise customers are actively working to simplify that inherited IT, to consolidate existing workloads to fewer systems “footprints” in their data centers. At the same time, they are identifying the workloads that will move to public clouds – focusing on cloud hosting to contain IT costs.
Importantly, now matter where the data exists, it must be discoverable via unified management consoles for network and database administrators. Having a unified view is essential to efficient, highly secure and available hybrid clouds.
Today, it’s a given that much of your data is “living” offsite at trusted cloud sites (e.g. Amazon Web Services (AWS); Microsoft Azure, Google Cloud Platform, IBM SoftLayer and Oracle Cloud, among others. It may also be housed at CSP partner sites, like Equinix, which provide high-speed links between enterprise data centers and public cloud datacenters. All of these providers are taking steps to ensure equivalent, or better, security and availability for hybrid cloud workloads.
Each year, the percentage of all enterprise applications living in the cloud will rise. Some believe that as much as 20%-30% of enterprise workloads are already in the cloud – and that the number will move past 60% over the next five years. These workloads include application development, dev/test, enterprise applications (ERP) and delivery via software-as-a-service (SaaS).
Customers have important decisions to make about security and availability — and the ways they will achieve higher levels of both security and availability for hybrid clouds. As the migration continues, enterprise customers must think deeply about security and availability requirements. They must explore the security and availability requirements they already have – and then enforce those standards for security and availability by working with public cloud partners.
Awareness of ongoing security and availability requirements represents an industry-wide opportunity for systems integrators (SIs), managed service providers (MSPs) and others working closely with enterprise and SMB customers. They must work to better understand customers’ security and availability expectations – and to support them in new, and innovative, ways.