Cloud Security is a Shared Responsibility


When I first became familiar with enterprise cloud computing, one of the primary objections to cloud adoption was the security of the data within the applications. Today that has changed; as cloud has matured it is now seen as an option for IT infrastructure that can be designed to be more secure than on-premises solutions. Through the process of designing a cloud infrastructure, IT professionals have become aware of the increased security benefits cloud offers. Concurrently, IT data exposure and breaches have become more widespread and security has become a greater responsibility. These factors have led all cloud architects, whether with a cloud provider or working within an enterprise, to realize that cloud security is a shared responsibility. Cloud security is shared in two respects: first, among the different groups within the enterprise, and second, the responsibility of securing data is split between the enterprise and the cloud provider. For the purpose of this article we will focus on the sharing of security responsibilities between the enterprise and the provider. I will separate cloud computing responsibility into three categories in order to simplify the roles and responsibilities: infrastructure, operating systems (including applications), and customer data.

Private Cloud

Most IT users today consider a virtualized stack of IT infrastructure on premises a private cloud. In this scenario, as existed before cloud computing, the enterprise is responsible for all aspects of security. In an on-premises private cloud infrastructure the enterprise needs to secure its data from all physical, technical or administrative threats. In large organizations the security responsibilities can be shared among groups within their IT departments, which may include network, security, application and compliance.

Infrastructure as a Service (IaaS)

The greatest security coordination concerns come from a public or hybrid cloud configuration such as infrastructure as a service (IaaS). In an IaaS environment the enterprise has agreed to have the provider manage the infrastructure component of IT security. This enables the enterprise to outsource all security and regulatory concerns related to the actual server hardware. They also realize physical security benefits because their IT infrastructure is off premises in a secured facility. Many times regulation, or even large customers, will mandate an audited data center standard such as SOC 2 for their IT infrastructure as a requirement of the business partnership. Creating an audited, SOC 2 compliant data center on premises can be costly and time-consuming. Hosting IT infrastructure in an audited and physically secure data center is one of the greatest benefits of IaaS.

Beyond the physical infrastructure, the IaaS or cloud provider also assures the security of the hypervisor software that orchestrates the virtualized cloud operating systems and services. However, the enterprise is still responsible for the operating systems of the virtual servers and for applying the security patches the software developer issues for them. Additionally, the enterprise is responsible for the security of all its own software applications and the data that resides on them. Some cloud providers will offer managed services to their clients that include security functions. The provider may offer a managed firewall, monitoring and even malware protection for the virtual servers they host. These services add value, as the provider is more familiar with security best practices in the IT infrastructure stack than the enterprise. Still, security is always a shared responsibility, with the enterprise always responsible for its own data.

Software as a Service (SaaS)

SaaS is the cloud technology the majority of businesses have the most experience with and understand the best. Common SaaS platforms like Microsoft Office 365, Google G Suite or CRM-based software like salesforce.com have made SaaS commonplace. Virtually the whole IT stack is owned by the provider in a SaaS platform; however, the enterprise still has security responsibilities. The enterprise's primary security responsibility concerns its own data. The business owns its data and needs to ensure it is free of malware and other external threats. It also needs to protect the endpoints, such as laptops and tablets, that are used to access the SaaS data.

Additional Considerations

Other IT security responsibilities the enterprise needs to consider in any cloud environment are connectivity, authentication and identification services, as well as managing abandoned resources.

Connectivity to the cloud provider is most secure when a private circuit or connection can be implemented. If a private connection is not practical, the enterprise needs to create a secure connection, such as a virtual private network (VPN), and assure that a secure connection is established over the public internet.

Authentication and identification of network users is an integral part of any enterprise IT network. Additionally, it is equally important to integrate any authentication or directory service with the cloud solution. A solution like Microsoft Azure AD is considered by many as a best practice for this complicated process. It was described in some detail in a previous article, Active Directory (AD) in the Cloud. Finally, a frequent cause for concern, especially with enterprises that employ large IT staffs, is abandoned resources. These are cloud instances that were created, have lost their relevance and have been forgotten. They can reside in a public cloud for years, with continued billing, and the customer's data is open to the public because they were created at a time with less stringent security policies. Periodic billing review and the monitoring services that security platforms offer can eliminate this waste and exposure.
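One way to make that periodic review routine, as an added example that is not part of the original article: a small Python script that walks an inventory or billing export and flags instances that have been idle for months, listing publicly reachable ones first. The inventory records and their field names (`owner`, `last_activity`, `public_ip`, `monthly_cost`) are constructed for this example and are not any provider's export format.

```python
from datetime import date, timedelta

# Constructed sample inventory (hypothetical field names, not real data):
# one record per cloud instance, as a billing or inventory export might list it.
INVENTORY = [
    {"id": "vm-001", "owner": "erp-team", "created": "2024-01-10",
     "last_activity": "2024-06-01", "public_ip": False, "monthly_cost": 120.0},
    {"id": "vm-002", "owner": "", "created": "2019-03-04",
     "last_activity": "2019-05-20", "public_ip": True, "monthly_cost": 85.0},
    {"id": "vm-003", "owner": "dev-sandbox", "created": "2021-08-15",
     "last_activity": "2022-01-02", "public_ip": False, "monthly_cost": 40.0},
]


def find_abandoned(inventory, today, idle_days=180):
    """Return instances idle for at least idle_days (today is an ISO date string).

    Each finding records why it was flagged: idleness, a missing owner tag,
    and public reachability, which is the condition the article warns about.
    """
    cutoff = date.fromisoformat(today) - timedelta(days=idle_days)
    findings = []
    for inst in inventory:
        last = date.fromisoformat(inst["last_activity"])
        if last > cutoff:
            continue  # still in use recently; not abandoned
        reasons = [f"idle since {last.isoformat()}"]
        if not inst["owner"]:
            reasons.append("no owner tag")
        if inst["public_ip"]:
            reasons.append("publicly reachable")
        findings.append({"id": inst["id"], "monthly_cost": inst["monthly_cost"],
                         "reasons": reasons})
    # Triage order: exposed instances first, then by monthly spend.
    findings.sort(key=lambda f: ("publicly reachable" not in f["reasons"],
                                 -f["monthly_cost"]))
    return findings


def wasted_spend(findings):
    """Monthly cost still being billed for the flagged instances."""
    return sum(f["monthly_cost"] for f in findings)


if __name__ == "__main__":
    flagged = find_abandoned(INVENTORY, "2024-06-15")
    for f in flagged:
        print(f["id"], f["monthly_cost"], "; ".join(f["reasons"]))
    print("monthly spend on abandoned instances:", wasted_spend(flagged))
```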

Business cloud solutions offered to the enterprise come in many different configurations that vary as to the type of infrastructure, software and services offered. In all cloud environments security requires a shared responsibility as well as a layered approach coordinated between the cloud providers and the enterprise. A supplier-agnostic advisor like Two Ears One Mouth IT Consulting can assist by helping a business find the right provider and security services for its applications.


If your business is unique and requires a custom cloud security solution for IT Support

Contact Jim Conwell (513) 227-4131      jim.conwell@twoearsonemouth.net

www.twoearsonemouth.net

we listen first…


The AWS & VMware Partnership


In the world of technology, partnerships are vital, as no provider does everything well. Some partnerships appear successful at first glance, but others require more of a wait-and-see approach. When I first heard that VMware and Amazon Web Services (AWS) were forming a partnership, I wanted a better explanation of how it would work before deciding on its merits. My cynicism was primarily founded in VMware's previous attempts to play in the public cloud market, such as the failed vCloud Air. After learning more, I'm still not convinced it will work, but the more I understand, the more sense it makes.

It can be said that VMware invented the cloud through its pioneering of virtualization technology. It allowed the enterprise in the 1990s to spend less money on IT hardware and infrastructure. VMware taught users how to build and add to an IT infrastructure in minutes rather than weeks, and taught us how to make IT departments agile. In a similar way, AWS has built an enormous and rapidly growing industry from nothing. It had the foresight to take its excess IT infrastructure and sell it, or more precisely rent it. This excess infrastructure could be rented because it was built on AWS's own flavor of virtualization. For these two to join forces does make sense. Many businesses have built their virtualized IT infrastructure, or cloud, on the VMware hypervisor. This can be on premises, in another data center, or both. With the trend for corporate IT infrastructure to migrate off-site, the business is left with a decision: should they take a "lift and shift" strategy to migrate data off-site, or should they redesign their applications for a native cloud environment? The lift and shift strategy refers to moving an application or operation from one environment to another without redesigning the application. When a business has invested in VMware and management has decided to move infrastructure off-site, a lift and shift strategy makes sense.

What follows is a more detailed look at a couple of the advantages of this partnership and why it makes sense to work with VMware and AWS together.

Operational Benefits

With VMware Cloud on AWS, an organization that is familiar with VMware can create a simple and consistent operational strategy for its multi-cloud environment. VMware's feature sets and tools for compute (vSphere), storage (vSAN) and networking (NSX) can all be utilized. There is no need to change VMware provisioning, storage, and lifecycle policies. This means applications can be moved easily between on-premises environments and AWS without having to purchase new hardware, rewrite applications, or modify operations. Features like vMotion and VMware Site Recovery Manager have been optimized for AWS, allowing users to migrate and protect critical applications at all their sites.

Scalability and Global Reach

Using the vCenter web client and VMware's unique features like vMotion enhances AWS. AWS's inherent benefits of unlimited scale and multiple Availability Zones (AZs) fit hand in glove with VMware's cloud management. A primary example is an East Coast enterprise opening a West Coast office. The AWS cloud will allow a user to create infrastructure in a West Coast AZ on demand in minutes. VMware's vCenter web client will allow management of the new site as well as the existing primary infrastructure from a single pane of glass. This example shows not only how the enterprise can take advantage of the benefits of this partnership, but also that the partnership will appeal to the needs of a larger enterprise.

The benefit above, as with the solution in total, is based on the foundation of an existing VMware infrastructure. This article has just touched on a couple of the advantages of the VMware AWS partnership; there are many. It may be noted that cost is not one of them. This shouldn't surprise many IT professionals, as large public cloud offerings don't typically reduce cost. Likewise, VMware has never been known as an inexpensive hypervisor. The enterprise may realize soft cost reductions by removing much of the complexity, risk, and time associated with moving to the hybrid cloud.

Both AWS and VMware are leaders in their categories and are here to stay. Whether this partnership survives or flourishes, however, only time will tell.

If you would like to learn more about a multi-cloud strategy for your business, contact us: Jim Conwell (513) 227-4131 jim.conwell@twoearsonemouth.net

www.twoearsonemouth.net