- January 27, 2020
- Catagory Multi-Cloud
Effective, robust multi-cloud security can’t be an afterthought. Securing public cloud instances is one of many significant operational considerations when embracing a multi-cloud strategy.
By making multi-cloud security an upfront priority, you prevent a lot of headaches that would inevitably pop up down the road, including interoperability issues. It also gives you a template for best practices and policy when securing public cloud instances in the future.
Draw a map of your multi-cloud security
Effectively securing public cloud instances should be guided not only by today’s needs from the platform but also how it might meet future business requirements as part of a broader multi-cloud environment. You need to align your business drivers for running multiple clouds with a security strategy so you can reduce—if not eliminate—weak links that can lead to data breaches and non-compliance with regulatory requirements and privacy legislation.
Define cloud workload security requirements
Multi-cloud’s reason for being reflects the trend toward lines of business and different areas of IT wanting to use the best cloud for the workload based on feature and performance needs. But multi-cloud security is no different than hybrid cloud environments in that you must keep in mind data confidentiality, integrity and availability.
Evaluate built-in cloud security features
Each public cloud platform comes with its own built-in security controls but securing public cloud instances will vary from provider to provider, even if the service is the same. How Amazon Web Services (AWS) secures a backup service offering will differ from that of Microsoft Azure, for example, so make you must understand the embedded security controls and tools for each cloud platform, and which ones are switch on by default, such as data encryption. Once you’ve established foundational multi-cloud security, you can augment appropriately on a per-platform basis.
Layer on additional security as needed
Multi-cloud security requires consistency. Once you understand what’s already built into the various cloud platforms you’ve spun up for each workload, you can add more layers, including third party tools, so you’re always applying global security policy automatically no matter how your multi-cloud environment grows or changes. Automation is critical to effectively securing public cloud instances in a scalable manner that keeps your overall environment manageable.
Multi-cloud security means 24/7 monitoring
Securing public cloud instances in a hybrid model usually means relying on security tools from a specific provider or one you’ve selected for monitoring your on-premises environment. Multi-cloud security means you must maximize visibility across your entire portfolio of cloud deployments and any other systems with which they may interact.
Multi-cloud security requires significant forethought if you’re achieve and maintain the necessary visibility to mitigate risk and meet today’s ongoing compliance and regulatory pressures. Securing public cloud instances in a multi-cloud environment also means knowing for certain who’s responsibility for what and establishing practices so you can scale and automate security with the pace of business and a cloud-first strategy.
- December 11, 2019
- Catagory Managed IT Services
Even as 2019 starts to wind down, it’s hard not think about the year ahead and how best to focus our energies—including IT operations. It’s safe to say the more things change, the more things stay the same as many of challenges will continue into 2020 as they have in previous years.
However, these challenges continue to evolve and coming up with a strategy for them can better prepare you for emerging technologies and trends that are bound to affect your business operations and your IT infrastructure, if sometimes only indirectly.
It seems a little obvious to say security is important—most consider it table stakes when deploying and managing IT today—but it can never be overstated that it’s something you must keep on top of. Threats to data and applications, either from human error or malicious threats such as malware and hackers, are never going to go away. If you only make one New Year’s resolution, make it to get your arms around security. The next year will go smoother operationally with better visibility into what’s going on across your network, and what’s happening to your data. Both your C-suite and customers will benefit.
Compliance and Privacy
Security should not be confused with compliance and privacy, and vice versa, but all three are heavily intertwined. Security is an essential part of being compliant with privacy legislation, and there’s consequences for not being able to adhere to the various regulatory frameworks and legislation in play. The European General Data Protection Regulation (GDPR) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) aren’t going anywhere, and the state of California has its own privacy legislation in the works. Despite their countries of origins, their impact can penetrate many other jurisdictions worldwide. If you don’t know if and how these and other rules affect you, make 2020 the year you figure out for certain.
Part of compliance is data governance, but even without privacy legislation at play, there’s plenty of reasons to have a strategy in place to manage the exponential growth of information. Whether it’s practical considerations such as storing it cost effectively or making it better available for business applications, the time to get a handle on your data is always now because it’s only going to grow in volume and velocity.
As public clouds platforms proliferate and widen their scope to offer more services and handle more workloads, a multi-cloud model has emerged that reflects the reality that business requirements from various cloud platforms differ. Some are better suited for handling the application and data demands of marketing and salespeople, while others are better geared for processing a high volume of transactions, rapidly and reliably. Although a public cloud provider may do everything a business needs, it can also mean compromising on features or performance. A best-of-breed, multi-cloud approach reduces dependence on any single public cloud platform while preserving the flexibility to move workloads between providers.
Business Intelligence and Data Analytics
Getting a handle on your data is essential if you want to make good use of it. No matter than size of your organization, it’s full of information that can help you optimize operations and business processes while improving your marketing, whether it’s by helping you land new customers or keep the current ones happy—even upselling them to buy more of your products and services. Business intelligence certainly isn’t new, but because every organization is swimming in information, it’s no longer a luxury. If you’re not tapping into it for competitive advantage, others in your industry certainly are.
The Internet of Things / Operational Technology
Some of that data is coming from new and interesting place as the Internet of Things and operational technology (OT) devices are increasingly comprising enterprise networks. Traditionally segmented from IT infrastructure, OT endpoints in manufacturing and municipal facilities that deliver water and power are being added to existing IP networks. These pose challenges from a management and security perspective, but also present opportunities to innovate based on the data that’s ingested, as well as optimizing business processes.
Gone are the days of throwing more people at a problem. Even if money is no object, it’s no longer feasible to do every task manually—people just can’t keep up. In the rush to try, human error can lead to misconfigurations that impact security posture, compliance and the customer experience. It means your IT teams aren’t focusing on strategic initiatives and you’re not focused on your core business. Whether it’s automating through emerging technologies enabled by artificial intelligence or handing off repetitive tasks to a business process services provider, you need to make smart decisions about who does what and why.
A new year always brings new opportunities and new challenges. No matter the size of your business or industry, all these technology trends are bound to affect you in some way. Understanding how is the first step, and that’s where a managed IT services provider can help. They’ve already helped other customers navigate the terrain and develop best practices that you can implement to move your business forward and improve the bottom line.