Avoiding Obstacles to Cloud Adoption – Part 2
Solinea services help enterprises build step-by-step modernization plans to evolve from legacy infrastructure and processes to modern cloud and open source infrastructure driven by DevOps and Agile processes.
Better processes and tools equals better customer (and employee) satisfaction, lower IT costs, and easier recruiting, with fewer legacy headaches.
Part 2 of a series: Technology and Security
Like the infrastructure aspect, Cloud security can be viewed as familiar technical measures with a new operational approach. The biggest problems arise from assuming the old familiar approach will fit. Here are some of the common failed approaches to a successful cloud adoption:
Security as Police. The security team see their role as policing established security conventions rather than as contributors to a new cloud security architecture. This leads to a weaker architecture and missed opportunities to improve the security model. It may also result in the entire cloud being boxed in as an ‘Application’ under the existing security model. Failure to adapt policy. The existing security policy extends to specific technical measures (legacy security products) and these do not fit the cloud model. An example might be a specific firewall product with no compatible FWaaS API. The policy may also require a single manual workflow and no automation. Involved too late. The security team does not get fully involved until implementation time, after technology choices and architecture are fixed. At this stage it is too late to create a security architecture that will enable the intended use cases for the cloud.
These approaches can lead to the following problems: Failure to deliver on objectives and improve KPIs. The intended use cases cannot be performed with automation resulting in a cloud that operates exactly the same as the legacy infrastructure it was intended to replace. The cloud platform scope becomes constrained, limited to low-value use-cases or a small group of users because of failure to incorporate an enterprise security architecture.
Solution: Bring in Governance and Security Teams Early
The challenge is to make security a part of the whole picture and integral to the success of the project. In many enterprises the security teams only deliver and enforce security solutions. For building cloud platforms, security is an essential aspect of the overall design.
The solution is to bring the security architect role into the development of the overall cloud platform architecture, participating in the same methodology described above alongside governance, development and infrastructure.
For OpenStack clouds there are many resources for IT security teams. The OpenStack project has a strong security focus with a dedicated security team focusing on securing the OpenStack Cloud platform. They help maintain the OpenStack Security Guide along with vendors and experiences users of the platform.
Check back for our follow-up post where we will summarize some fundamental security.
Solinea specializes in 3 areas:
- Cloud architecture and infrastructure design and implementation, with a specific focus on OpenStack – We have been working with OpenStack since its inception, wrote the first book on how to deploy OpenStack, and have built numerous privateand public cloud platforms based on the technology.
- DevOps and CI/CD Automation – Once we build the infrastructure, the challenge is to gain agility from the environment, which is the primary reason people adopt cloud. We work at the process level and tool chain level, meaning that we have engineers that specialize in technologies like Jenkins, Git, Artifactory, Cliqr and we build these toolchains and underlying processes so organizations can build and move apps more effectively to the cloud.
- Containers and Microservices – Now enterprises are looking for ways to drive even more efficiencies, we help organizations with docker and kubernetes implementations – containerizing applications and orchestrating the containers in production.