As more and more workloads are moved to the cloud, many organizations tend to overlook some fundamental concepts along the way. While the services offered by the leading public cloud providers become more and more robust and the appeal of shifting traditional IT responsibilities onto cloud providers grows, it’s important for those responsible for moving to the cloud (executives, IT leadership, application owners, etc.) to consider how this change impacts the application’s security posture, availability and recovery architecture, and what implementation approach makes the most sense.
Mature organizations typically provide IT services out of data centers that house many enterprise applications (think ERP, CRM, WMS, billing systems, content management, etc.) and core infrastructure (think corporate email, collaboration, productivity, intranet/portals, etc.). Many of these applications may share infrastructure (systems related to security, availability, backup & disaster recovery, etc.).
When moving a workload/application to the cloud, it is important to understand what cybersecurity risks are being mitigated in the on-premises data center and to consider whether those cybersecurity risks change when living in the cloud. One common scenario involves moving public internet facing web applications to the cloud. Many organizations have on-premises (web application firewall, or WAF) systems to protect their web apps from risks such as SQL injections or cross site scripting attacks. This may be overlooked during migration planning if cybersecurity and/or risk management is not top of mind from the beginning.
Moving workloads to the cloud can provide tremendous value to organizations but still require (if not even more so) diligence in securing systems and data.Like the security architecture theme, disaster recovery is often overlooked during cloud migration initiatives. Some think that public cloud providers can’t “go down”, but history tells us otherwise, regardless of the provider. When workloads are moved to the cloud, there are still important conversations and architecture impacting decisions around disaster recovery that need to occur. Just because an application runs in a leading public cloud provider’s environment doesn’t mean organizations don’t need to think about how long their application might not be available if that provider experiences an outage. Organizations still need to think about how to make their applications resilient to infrastructure outages and recoverable within the business’s time frames.
Many organizations deploy their cloud infrastructure the same way they have deployed their traditional on-premises infrastructure – their IT teams setup cloud services manually. They may deploy PaaS databases and web servers, virtual machines, virtual networks, etc. through management consoles. They may author technical documentation of how everything was setup when the project is complete to aid in system management or for training purposes. In some cases, this makes the most sense. However, with cloud-based systems, many organizations are turning to infrastructure as code (IaC) methodologies due to advantages in replicating environments in a repeatable way, benefits in disaster recovery scenarios, and improvements to operations & administration not achievable by manual implementations. While this methodology overlaps with DevOps, IaC implementations can be beneficial to organizations that haven’t fully adopted (or even started) a DevOps operational model. The code itself may address a large percentage of the documentation needs of the organization. The ability to reproduce the infrastructure may dramatically improve an organization’s disaster recovery posture or optimize implementations of software updates. It may cause organizations to rethink their DEV, TEST, QA, and/or UAT environments from an infrastructure, operations, and/or cost perspective.
Rightpoint can help organizations leverage public cloud provider’s infrastructure and services while ensuring the overall architecture sufficiently incorporates security, availability, and recoverability requirements to ensure long term success. At the same time, Rightpoint can aid in modern cloud deployment techniques that can help organizations transform how IT services are delivered within their businesses.