Yes, there are likely more than just three things to think about as you move to public and hybrid cloud configurations. But these three topics cover a lot around cloud-prep and migration territory and are among the most important:
- Policy and Enforcement
Cloud orchestration: why it matters
To begin with, orchestration is the basis of deployment and execution of complex multi-cloud configurations.. It is the central feature in the delivery of today’s data center and cloud services; the term describes the synchronized arrangement, coordination, and management of complex infrastructure systems to deliver a service. Orchestration defines the relationship amd interaction between all components of your infrastructure and applications. A well-orchestrated system is scalable and highly efficient with little need for human intervention.
So, what to look for? Ideally, you want a platform capable of orchestrating any workload across any cloud—public, private, or hybrid. In other words. you want to make sure not to get locked into any one provider’s application or infrastructure offerings: “We only work with AWS, or xyz containers, or storage or networking components.” As always, the watchwords are openness, flexibility and choice.
Pervasive policy and automated enforcement
An effective cloud security approach mustencompass the complete lifecycle - development, deployment and orchestration of your workloads. And itmust enable automated “ enforcement of consistent policies governing user activity,” according to independent cloud expert and author Bernard Golden. “The organization should have a set of rules about who’s able to request [which] resources, and those rules should be captured in a policy engine that can be applied automatically … It’s silly to put a human in the middle of that evaluation … After all, that’s what the human is doing—applying a set of organizational rules. Why not define the rules and apply them as part of the provisioning process?”
It’s no longer a question of rationing scarce resources for cloud development and deployment. Instead, the question – which can now be answered instantly and programmatically – becomes, “should a particular request be fulfilled – is it in keeping with our organization’s predefined, codified rules?”
Pervasive policy and its enforcement—spanning the full stack of physical, virtualized services, network and application layers—enable nearly all resource requests to be processed speedily with the assurance of security in your public, private and multi-cloud deployments. In essence, it is this rules-based approach, in concert with orchestration, that makes automated enforcement and control possible in complex, multi-cloud environments.
Cloud governance: who, what, where, when and how
Governance is a critical consideration to ensure that your cloud is consistent with regulatory and compliance mandates. To effectively govern complex, multi-cloud deployments, you need fine-grained, “deep policy” controls that encompass all aspects of the system, such as:
- identity management: Who is attempting to launch a process? How is this person or entity being authenticated? What permissions are being granted?
- scheduling: When and where is the workload running? In the cloud? In the data center?
- resource allocation: How much software and hardware resources is each workload permitted to consume—and under what conditions, specifically?
A complete cloud governance approach capable of enforcing your financial, business and IT rules must also include the supporting mechanics of transparency, so you have line-of-sight at every level, all the time. The same deep-policy controls mentioned above provide you with clear visibility into your development, deployment and execution of operations and processes. This gives your multi-cloud platform the ability to instantly answer all the relevant who, what, where, when and how questions so you can put a lid on rogue application deployment and usage proactively before security breaches or surprise budget overruns occur.
To explore both concerns and possibilities for a multi-cloud environment, please read our white paper: How to Get the Multi-Cloud Business Advantage Without Sacrificing Security or Control.