The Cloud is an Opportunity

"Excellence is a continuous process and not an accident"
A hybrid cloud is just an offsite data center if you migrate your applications and processes as is.

Cloud as an Opportunity

Life in the Cloud Should Be Different 

  • Opportunity to bake in policies and practices
  • Full automation is possible and required to feed continuous processes
  • Continual building and destruction of infrastructure is desirable over stale configurations
  • Dynamic and on-demand capacity is available and should be leveraged
  • It is easy to isolate teams, applications and partner firms using built-in tools.
  • Resiliency must be part of the design and not an afterthought.

A cloud migration is an opportunity to bake in policies and practices that were impossible in your previous environments. It is an opportunity to leverage cloud-vendor-provided security, automation and pre-built services in a way that increases your team's capabilities. The cloud lets you automate your infrastructure so that you are no longer fearful of making changes or rebuilding networking, servers, load balancers or data stores. Cloud teams regularly destroy and rebuild infrastructure, which guarantees that you know how it goes together. Cloud subscriptions/accounts and networks let you manage and isolate applications, teams and third-party applications in ways that networks alone didn't in the past. Cloud environments move away from fixed deployments with fixed addresses. They move towards dynamic deployments and address mobility, and they require that applications be more resilient from day one. This lets applications handle the more chaotic nature of cloud environments and makes them more robust in the face of system or other failures.

Hybrid Cloud is Not an Off Site Data Center

Bake Security into Everything You Do

  • In Transit
  • At Rest
  • Application Authentication
  • Application Authorization
  • Credential Management
  • Operational Roles

In-house data centers are often not very secure. They tend to move data across the wire in the clear and leave data unencrypted in databases and on disks. Cloud migrations often start with a certain level of paranoia. Internal services often have weak internal call verification and tend to trust other services in the same containers or networks.

Cloud migrations tend to force a reevaluation based on the notion that data is no longer inside the company. A cloud migration is the perfect time to secure data in transit and to secure data at rest. A fair amount of effort is required to understand the at-rest requirements. Data storage products may offer their own encryption for all or portions of data. Some companies only protect sensitive data. Others decide that it is simpler to have a single level of security for each device type: RDBMS, NoSQL, file, blob...
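The two at-rest policies described above can be baked into an automated check. The following is an added example, not code from the original post: it evaluates a storage inventory under both the per-type and the sensitive-only policy. The store names, the `Store` fields, the `BASELINE` table and the `violations` function are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed baseline: one required level per storage type.
BASELINE = {
    "rdbms": {"at_rest": True, "in_transit": True},
    "nosql": {"at_rest": True, "in_transit": True},
    "file":  {"at_rest": True, "in_transit": True},
    "blob":  {"at_rest": True, "in_transit": True},
}

@dataclass(frozen=True)
class Store:
    name: str
    kind: str         # rdbms | nosql | file | blob
    sensitive: bool   # data classification supplied by the owning team
    at_rest: bool     # encryption at rest enabled
    in_transit: bool  # encrypted transport (TLS) enforced

# Constructed sample inventory; a real one would come from the provider's API.
INVENTORY = [
    Store("orders-db", "rdbms", True, True, True),
    Store("session-cache", "nosql", False, False, True),
    Store("exports", "blob", True, True, False),
    Store("legacy-queue", "queue", False, True, True),
]

def violations(inventory, mode="per_type"):
    """Return (store, finding) pairs.
    per_type: every store must meet the baseline for its type.
    sensitive_only: only stores flagged sensitive are checked."""
    findings = []
    for s in inventory:
        required = BASELINE.get(s.kind)
        if required is None:
            # Fail closed: a type with no baseline is itself a finding.
            findings.append((s.name, "no baseline for storage type " + s.kind))
            continue
        if mode == "sensitive_only" and not s.sensitive:
            continue
        for control, needed in required.items():
            if needed and not getattr(s, control):
                findings.append((s.name, control + " encryption missing"))
    return findings

if __name__ == "__main__":
    for mode in ("per_type", "sensitive_only"):
        print(mode, violations(INVENTORY, mode))
```

The `sensitive_only` run skips `session-cache` because it is not flagged sensitive, so that policy is only as good as the classification behind it.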

<this portion AND to be updated later>

Automate Everything

  • Build and Test
  • Infrastructure and Network
  • Monitoring
  • Recovery
  • Data Handling
  • Price and performance selection

Services Catalog

Data Services Catalog

  • SQL Data
  • NoSQL Data
  • Large Data Storage
  • Search
  • Messaging

Non-Data Services Catalog

  • Provisioning
  • Monitoring
  • Computation
  • Scaling
  • Network, Firewalls, Routers
  • Zero Provisioning Application Platforms

Cloud Accountability

  • Costs are Explicit
  • Resource Consumers are Exposed
  • Teams and projects pick their own cost models.
  • Data is visible in common consoles

Cloud Risks

  • It feels like a shiny object
  • Staff must be multi-functional
  • Encryption keys and certificate management are critical
  • Network edges must be protected
  • Public Services Security Risks must be understood
  • Some will not believe automation and change are possible or desirable


