Eric J. Bruno
You’ve invested a lot of time and effort in your cloud strategy over the last few of years. Now's a good time to review it, locate any remaining holes, and determine how to shore them up. For example, as more mission-critical services move to the cloud, have you taken the time to review leading security practices to make sure they're addressed in your cloud roadmap? Also, do you have procedures in place to ensure that when one of your cloud providers makes an update, you can coordinate it through the regression test cycle? Can you ensure that hybrid business processes that traverse internal and external boundaries aren't affected, in this case, as well? Let’s take a look at what you should review, and how to avoid risks such as these.
Cloud-based Services and Platforms
It’s more important than ever to refine your roadmap to ensure you’re getting the most value from the cloud and eliminating related risk. Cloud platform vendor solutions, such as Microsoft Azure, Amazon Web Services (AWS), Oracle Cloud, and others offer complete stacks of integrated cloud services for you to build your own cloud strategy on. These solutions are designed to eliminate tight coupling between hardware and software, which allows you to more easily change your cloud application compositions, and the business processes built from them.
When determining which services should go into the cloud, you need to fully understand the business opportunities behind the moves. The first step to take is to have a business discussion where the following questions are asked:
The answer to the first question should be straightforward, but you need to explore all avenues of your application. For instance, even if it's not strictly a Web application, how much of your application can be self-administered by users (your customers) over the Web? By making more of the admin functions self-serve, you not only save call-center costs, but your users may prefer it. However, providing this service will require you to place this functionality in the cloud, since more users will need access to it. Doing this has direct consequences in terms of authentication, authorization and security in general.
Regarding the third point, don't be selfish. Ask yourself whether other business groups in your organization can benefit from the services you place in the cloud. Corporate reuse of existing applications has been a goal of almost every enterprise since the 1980s, with the hope of cost savings and increased return on investment. The cloud and microservices are delivering on this promise by helping us think about reuse during the design phase, instead of after applications have been built and deployed. Furthermore, ask whether your company can find new business opportunities through paid access to some of your valuable cloud services.
Finally, remember that your cloud strategy should look beyond just cost savings. Instead, make sure you’re using the cloud in a way to deliver increased value to your customers and users, sooner. This comes by way of focusing more of your IT on application features and enhancements instead of infrastructure and complicated—in other words, slow—deployments.
With so much at stake, public cloud provides invest a tremendous amount in security measures, and ongoing security enhancements. Your services will inherit the security, reliability, and monitoring offered by these vendors at a much lower price point then if you did it yourself. Security begins with high-availability, or up-time, of your services and composite applications. In addition to your application logic components, ensuring redundancy at all layers (including the network and storage services) reduces the risk of down time in your cloud-based architecture.
Cloud platform solutions typically offer the monitoring, even self-healing, and dynamic security and network optimizations required to achieve the most secure and reliable cloud-based services. You need to ensure that your cloud architecture takes advantage of physical isolation, IP address enforcement, and data isolation to guarantee the most secure environment. The right balance between virtualization and physical isolation should be found to offer the most reliable, cost-effective cloud implementation for your organization.
When it comes to security, don’t go it alone; always seek help from outside experts and vendors. For example, the Cloud Security Alliance is a resource aimed to promote the use of best practices for security assurance within cloud computing. They provide research and education on the safe uses of cloud to help secure all forms of computing.
Serverless cloud services such as AWS Lambda and IBM Cloud Functions (among others) allow you to break your processes down into individual logic and data units that can be more-easily deployed to the cloud, and then quickly recomposed and scaled to handle even your most complex applications. This removes issues around managing these compositions yourself, such as the business disruptions often experienced when reconfiguring and deploying software on your own hardware. Most importantly, by removing the configuration required otherwise, these cloud platforms enable you to more quickly deploy and test new services to your enterprise or your customers. The result is a more nimble and reliable IT organization, with direct benefits in terms of cost savings and customer satisfaction.
Beyond quality assurance, cloud testing platforms such as Akamai CloudTest (formerly known as SOASTA) offer transparency as to the capacity of your cloud services and composite applications. Knowing—through proven testing practices—that your application can meet the demands of your users, even with unexpected spikes and surges in activity, offers the level of confidence required in your mission critical applications. Additionally, look for platforms and vendors to help test the security of your cloud-based applications. These tests should test your application as well as the cloud provider infrastructure you rely on.
Crossing the boundary between business and technical reasoning, ease of administration is another factor to be considered when determining what can be moved to the cloud. For example, the cloud can help to remotely deploy, administer and configure individual components in new ways. Modern DevOps and automation tools such as Harness.io use machine learning to help enhance and automate cloud-based application deployment; Nutanix helps manage hybrid cloud applications; open-source solutions such as Puppet and Chef, and container-based solutions abound.
Often, managing smaller, individual portions of otherwise monolithic applications in the cloud ensures quicker deployment, lower costs and greater system uptime. This is the motivation behind a microservices-based architecture. Simply put, if moving a component to the cloud helps you outsource its management, the cost savings over time can justify your decision. Centralizing administration in this way also serves as a gateway in your architecture, helping to fight duplication and wasted effort reinventing the wheel.
In summary, whether you’re defining or adjusting your cloud strategy, always consider the business issues first: reuse, collaboration and additional sales through service. Next, consider the technical benefits, such as scalability (which includes elasticity), security, portability and abstraction. Finally, consider the ease of administration, the cost savings, and decrease in time-to-value of moving key portions of your applications to a public cloud provider.