It’s hard to remember now, but attitudes to the public cloud have changed massively in a short period of time. When public cloud services first became available around 2006, most organizations were understandably skeptical. The idea of storing data in a remote location made them uncomfortable. They worried about reliability, security, and the loss of direct control over their applications and data.
More than a decade later, customers have come to embrace public cloud. It has moved from a bleeding-edge technology to a fundamental component of nearly every large organization’s IT strategy. These days, organizations are, if anything, too ready to adopt the cloud without careful planning. They don’t always realize that, when it comes to public cloud deployments, the devil is in the details. It is easy to underestimate the amount of time and effort that is still required to optimize and manage their environment.
Start by understanding your responsibilities
Cloud roles and responsibilities are often not clear to new cloud users. Many customers have a fundamental misunderstanding of who owns what in the public cloud. They either haven’t taken time to understand their responsibilities in detail, or they assume that their cloud provider will handle them. This is incredibly common and often leads to serious complications. This gap in understanding and knowledge is the hidden reason why many cloud deployments fail.
Every public cloud provider offers a “shared responsibility model,” a breakdown of what customers must cover and what is provided by their own services. In my conversations with firms that are already in the public cloud, I’ve often found many are unaware of these shared responsibility models. And even more don’t take the time to understand them fully and their implications.
These models vary a bit from provider to provider, but usually look something like the graphic below.
[Figure: Sample Shared Responsibility Model]
While the major public cloud providers offer advanced and proven infrastructure, the customer carries the burden of configuring and incorporating their solutions to fit their own environment. Often, cloud services require customers to take on significant management activities. Sometimes this flies in the face of what organizations expect when buying “as a Service.”
This can get complicated fast, particularly for less technical customers or those lacking a strong overall plan. After all, very few companies go to the cloud with a clear, centralized strategy owned by a single entity. Most organizations have many points of adoption, with individual business units or even small teams adopting cloud-based infrastructure and services, often in very different ways and for very different purposes.
Adding greatly to the confusion is the reality that 93% of customers [1] are deployed to multiple clouds. This means they must understand, and act on, multiple shared responsibility models, as well as support divergent operational requirements and control layers.
When you consider these factors, it makes sense that many customers have big gaps in their execution and management approaches caused directly by a failure to understand their responsibilities. Let’s examine the most important and common areas where organizations get into trouble.
Infrastructure
When you deploy your applications on any IaaS offering, you are paying for bare-bones compute, storage, and network access. The way that these resources are configured is your responsibility. So, you carry the burden of architecting a network topology that accounts for routine security challenges such as performing operating system updates and setting up your firewall.
The key problem here is misconfiguration. If you don’t get your firewall set correctly, your data may be wide open to the internet. If you don’t structure your cloud services properly, you may introduce business risk from potential downtime or slowdowns. Many customers make simple and avoidable setup errors, such as not running across multiple availability zones, or failing to tap into the structure of the cloud to provide resiliency. Once deployed, they may not be monitoring the performance of their workloads in the cloud, assuming that the cloud provider would signal them if any issues arise.
The bottom line: while cloud extends your infrastructure, it also extends the breadth and range of your configuration and management responsibilities. Getting those right can make a huge difference to lowering your business risk and increasing your efficiency.
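The two setup errors named above, firewall rules open to the whole internet and workloads confined to one availability zone, can be checked mechanically. The following is an added example, not part of the original article; the inventory records and their field names are constructed for illustration and do not follow any provider's API schema.

```python
import ipaddress

# Constructed inventory; field names are hypothetical, not a provider's schema.
FIREWALL_RULES = [
    {"name": "web-https", "source": "0.0.0.0/0", "port": 443},
    {"name": "admin-ssh", "source": "0.0.0.0/0", "port": 22},
    {"name": "db-internal", "source": "10.0.0.0/16", "port": 5432},
    {"name": "db-legacy", "source": "::/0", "port": 3306},
]
WORKLOADS = [
    {"name": "checkout", "instances": [{"zone": "zone-a"}, {"zone": "zone-b"}]},
    {"name": "reporting", "instances": [{"zone": "zone-a"}, {"zone": "zone-a"}]},
]
# Assumption: only these ports are meant to face the internet.
PUBLIC_PORTS = {80, 443}


def open_to_internet(rule):
    """True when the rule's source range covers the whole IPv4 or IPv6 space."""
    return ipaddress.ip_network(rule["source"], strict=False).prefixlen == 0


def audit_firewall(rules, public_ports=PUBLIC_PORTS):
    """Names of rules that expose a non-public port to every address."""
    return sorted(r["name"] for r in rules
                  if open_to_internet(r) and r["port"] not in public_ports)


def audit_zones(workloads):
    """Names of workloads whose instances all sit in a single zone."""
    return sorted(w["name"] for w in workloads
                  if len({i["zone"] for i in w["instances"]}) < 2)


if __name__ == "__main__":
    print("exposed rules:", audit_firewall(FIREWALL_RULES))
    print("single-zone workloads:", audit_zones(WORKLOADS))
```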
Security and Encryption
When a single incident can create permanent harm to your customers or your reputation, you cannot afford to get your security wrong. The potential costs of a breach or failure include direct expenses from downtime and long-term penalties from regulatory punishments and diminished customer trust. Yet enterprises often have glaring blind spots when it comes to their security profile across clouds.
One common issue is encryption. When configured correctly, it should apply to data across all its states – at rest, in use, and in transit. Most customers know to encrypt their data when it is static, on the client side. But surprisingly often, they will allow open data to move across their network and hit their servers. This is usually because they expected that the cloud provider would secure it, misreading their responsibilities and introducing massive business risk.
Another security challenge that is often overlooked is threat detection and response. Many organizations think their cloud provider “owns” this, but it actually falls to the customer. This means taking care of your own network monitoring, tracking threats and analyzing logs. It is up to you to scan proactively for vulnerabilities, or precursor activities like port scanning or brute force attacks, to stop incidents before they happen.
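Log analysis for the precursor activities mentioned above (port scanning and brute force attempts) can start with simple sliding-window counts per source address. This is an added example, not part of the original article; the event tuples, outcome labels and thresholds are constructed assumptions, not any provider's log format.

```python
from collections import defaultdict

# Constructed events (not real traffic): (epoch_seconds, source_ip, dest_port, outcome).
EVENTS = (
    [(1000 + i, "203.0.113.7", port, "rejected") for i, port in enumerate(range(20, 32))]
    + [(2000 + 5 * i, "198.51.100.9", 22, "auth_failed") for i in range(8)]
    + [(2050, "198.51.100.9", 22, "auth_ok")]
    + [(3000, "192.0.2.10", 443, "accepted"), (3600, "192.0.2.10", 22, "auth_failed")]
)


def peak_in_window(samples, window, distinct):
    """Largest number of samples (or distinct values) inside any `window`-second span."""
    samples = sorted(samples)
    best = start = 0
    for end in range(len(samples)):
        while samples[end][0] - samples[start][0] > window:
            start += 1
        span = samples[start:end + 1]
        best = max(best, len({v for _, v in span}) if distinct else len(span))
    return best


def detect(events, window=60, scan_ports=10, failed_logins=5):
    """Return sorted (alert, source_ip) pairs; thresholds are illustrative assumptions."""
    ports, failures, successes = defaultdict(list), defaultdict(list), defaultdict(list)
    for ts, src, port, outcome in events:
        ports[src].append((ts, port))
        if outcome == "auth_failed":
            failures[(src, port)].append((ts, port))
        elif outcome == "auth_ok":
            successes[(src, port)].append(ts)
    alerts = set()
    for src, seen in ports.items():
        if peak_in_window(seen, window, distinct=True) >= scan_ports:
            alerts.add(("port_scan", src))
    for key, seen in failures.items():
        if peak_in_window(seen, window, distinct=False) >= failed_logins:
            alerts.add(("brute_force", key[0]))
            # A success after the failures suggests a guessed credential.
            if any(ts > min(seen)[0] for ts in successes[key]):
                alerts.add(("brute_force_then_login", key[0]))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```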
Application Services
To make your business and people effective, you first need to provide your users with applications that work. Setting up your application services correctly is essential to enable your stakeholders to work reliably and at scale. In the cloud, this burden falls mostly on customers.
You must determine your own identity and access management profile. It is up to you to find the delicate balance between being too open, introducing risk, and too restrictive, sapping productivity and efficiency.
You are also responsible for designing your platform to withstand intense, challenging service levels. Creating a resilient platform that can scale is not always easy. This is a pervasive and expensive problem; according to a recent analysis by Dell EMC and Vanson Bourne, 41% of enterprises have suffered a downtime event in the last 12 months.
Data
One of the most important shifts that companies can make is to go from a cloud-first to a data-first mentality. When your cloud dictates what you can do with your data, you are limiting your data capital. Therefore, it is critical to understand what cloud providers do and do not provide in terms of data management and protection.
The inability to move data quickly to its most suitable cloud environment is one of the most common challenges I hear from customers. As business requirements, SLAs, IT budgets, and other factors change, customers need the ability to move data — both within a single provider’s infrastructure and across platforms — with minimal friction. Do not expect to inherit easy tools from your cloud provider to do this, as it’s quite a complex process spanning multiple clouds, and few enable it.
Another major customer priority should be in the area of data recovery. Cloud storage services come with some level of redundancy, which provides durability for your data in the event of a systems failure. Do not, however, confuse durability with availability. According to the same Vanson Bourne study, 63% of organizations doubt their ability to recover quickly from a downtime event.
Unless you take the time to implement a backup and recovery strategy that is aligned with your SLAs, you will likely be waiting to access critical data if cloud infrastructure goes down. To guard against ransomware threats and possible data corruption, you need backups that are both high-quality and readily available.