Upload
others
View
8
Download
0
Embed Size (px)
Citation preview
01The Hidden Challenges of Public Cloud and SaaS Integration – An OpenSky White Paper
The Hidden Challenges of Public Cloud and SaaS Integration
An OpenSky White Paper
02The Hidden Challenges of Public Cloud and SaaS Integration – An OpenSky White Paper
CONTENTS
03 The Hidden Challenges of Public Cloud and SaaS Integration –
An OpenSky White Paper
04 Cloud Security
04 Identity and Access Management
05 Technical Integration
06 Build Challenges
07 Operations
08 Cloud Maturity
09 Lighting the Shadows of Clouds
03The Hidden Challenges of Public Cloud and SaaS Integration – An OpenSky White Paper
The Hidden Challenges of Public Cloud and SaaS Integration – An OpenSky White Paper
It is only with a clear understanding of the hidden challenges of
integrating public cloud infrastructure platforms and software-
as-services solutions with on premise IT environments that
businesses can ensure successful cloud adoption. Careful
exploration of the following considerations opens the door for
organizations to truly harness the power of the cloud.
The cloud has become a fundamental part of modern business for organizations in all industries
The cloud has become a fundamental part of modern business
for organizations in all industries. The reliance on cloud computing
and other as-a-service solutions has revolutionized the scalability,
cost-efficiency, and agility of IT environments, leading to
impressive results in employee productivity, budgetary expenses,
and product or service delivery.
While there are certainly numerous benefits to leveraging the
cloud, many business leaders have the wrong expectations
when it comes to cloud services. This is a conflict of perception
and reality, because executives assume that cloud adoption is
a simple process, moving workflows can be done with ease, and
security in the cloud is the same as on-premise. In reality, there
are dozens of considerations, challenges and concerns that IT
teams must address in order to take a business to the cloud.
However, the hurdles of cloud adoption should not scare away
any business leaders, because there are plenty of solutions to
cloud problems, some tips to make implementation easier and
more secure, and hundreds of examples of cloud success. These
strategies will help any organization overcome the threshold of
adoption that has prevented so many companies from consuming
and supporting cloud computing and other cloud services.
04The Hidden Challenges of Public Cloud and SaaS Integration – An OpenSky White Paper
1. Cloud Security
There is a wealth of risks and threats to business critical data
and applications. The emergence of public cloud services
provides an opportunity for customers to architect in strong cyber
security capabilities to address those risks and threats, but it also
introduces new challenges.
With an on-premise data center, businesses clearly own the data
stored within, and they have tight control over who can access
that information. Traditionally, data stewardship is straightforward,
but not in the cloud.
When using cloud services, organizations must establish who
controls data, mainly because they will always be responsible for
its protection, even if the breach was an accident. This means
paying attention to state and federal laws is critical - where data is
stored matters. Additionally, businesses need to determine what
their cloud providers can see, and this will impact encryption
practices including the use of asymmetric cryptography,
encryption levels and strong authentication.
Furthermore, cloud provider contracts will outline who controls
security equipment and who can alter or access those controls.
Some cloud services offer virtualization, but in reality, a balance of
hardware and software is necessary to ensure data security. So,
businesses should vet their cloud providers’ logging, monitoring,
and SEIM systems, perhaps taking hints from those practices for
on-premise environments.
2. Identity and Access Management
The combination of social, mobile, analytics, and cloud computing
create exciting business solutions and new areas of expansion for
Identity Access Management (IAM). Cloud services create new
places to authenticate and new places to be authenticated from,
which require new security architecture considerations.
A balance of hardware and software is necessary to ensure data security.
05The Hidden Challenges of Public Cloud and SaaS Integration – An OpenSky White Paper
Authentication can replace the “loss of the perimeter”
3. Technical Integration
Regardless of the type of cloud services that a business uses,
physically integrating these resources with existing software,
hardware and data poses a challenge for many IT departments.
There can be integration points between on-premise and off-
premise elements, or different cloud services.
The fact of the matter is that there are no magic guidelines for
integrating traditional on-premise infrastructure with the variety of
cloud solutions available; there are far too many considerations
to clear up in a single sentence or two. However, this might be
the most important aspect of cloud integration, as success here
ensures that applications and services perform at high levels with
high availability.
How you tokenize identity and manage its traceability needs to be a factor in your overall IAM strategy.
If your employees and other users leverage cloud services along
with other internal services, and leverage mobile apps to access
those services directly, then they are probably establishing other
forms of identity and using them for business purposes. A new
area of inherent risk has evolved requiring new types of controls
and protocols, including authentication (consider OAUTH). How
you tokenize identity and manage its traceability needs to be
a factor in your overall IAM strategy. It’s a bit tangential to the
historic scope of IAM but, this isn’t your father's IAM anymore.
. The
perimeter (typically intranet/internet boundary) was not only
positioned for basic network attack protection, it also became a
point to layer other controls including data loss prevention, data
encryption policies, command and control detection, intrusion
prevention, email validation. That perimeter is gone in many cloud
use scenarios and authentication is the logical play to reconnect
those important services. Central Authentication is worth
investigating because it opens up the opportunity to enforce other
types of policies, even if you don’t own the endpoint or network.
06The Hidden Challenges of Public Cloud and SaaS Integration – An OpenSky White Paper
4. Build Challenges
Technical experts in each company that are responsible for infrastructure platforms and services, need to understand how their architectural roadmaps will need to change.
Recently, OpenSky worked with a large enterprise that was
experiencing difficulties enabling test environments in IaaS
providers, such as AWS and Microsoft Azure, to support its
application development teams. Many of the application
environments were expecting to leverage legacy standard server
images, middleware configurations, and system management
software. These standard images and software elements were
dependent on things like Active Directory domain membership and
being part of the routable corporate IP network. Extending those
services, and automating the extension of those traditional on-
premise platforms can require different approaches, when dealing
with different service providers.
Simply put, businesses need to think about establishing
strong, seamless integrations between traditional on-premise
infrastructure platforms and public cloud services. Technical
experts in each company that are responsible for infrastructure
platforms and services, must understand how their architectural
roadmaps will need to change to enable the public cloud service
integration points that their businesses will require to remain
competitive.
With a traditional on-premise data center, there are a lot
of standards and best practices, especially when it comes
to topology and system requirements. Industry-established
techniques for standardizing and provisioning on-premise IT
infrastructure might seem applicable to the cloud, but there are
new considerations that can make the provisioning of cloud-based
environments much more complex.
After all, there is no one-size-fits-all roadmap for using the cloud,
and when considering the breadth of different IaaS and SaaS
services available, there won’t be a single cookie-cutter standard
for building the best hybrid IT environment. Further adding
complexity, cloud vendors have their own set of provisioning
07The Hidden Challenges of Public Cloud and SaaS Integration – An OpenSky White Paper
interfaces, often giving customers the option to provision services
through a web portal or a published API interface.
5. Operations
InformationWeek reported that everyone must work together to
support a unified architecture model in which storage, networking,
Teams must work in cohesion with a variety of different skills as environments blend together and some tasks span multiple technical boundaries.
Microsoft’s Azure is a great example of how building cloud
environments can become challenging due to the ability to drive
provisioning automation with Windows PowerShell. Microsoft
maintains a Windows Azure PowerShell cmdlet library to help
automate and customize the provisioning of Azure public cloud
services. For companies that don’t leverage the Azure cmdlet
library, the manual provisioning of Azure resources can be
cumbersome and time-consuming. Organization’s that don’t
properly plan for the development of new automation capabilities
can struggle to gain traction with cloud adoption initiatives.
After construction and integration, IT teams are challenged with
the task of maintaining operations with their newly deployed hybrid
environments. Whether integrating with IaaS services such as AWS or
Azure, or migrating back office productivity platforms to SaaS
offerings such as Office 365, the new challenges associated with
operating these systems are often underestimated. Small aspects
of cloud environments might cause standard practices to become
jobs of the past, because supporting cloud platforms and services
demands a different focus of operating procedures and skills.
For decades, IT organizations have been positioned to give one
person the reins to a specific technical area, i.e. networking,
backups or email. Essentially, there was always a role for a specific
task in operations. However, that is no longer the standard in the
cloud. Teams must work in cohesion with a variety of different skills
as environments blend together and some tasks span multiple
technical boundaries.
08The Hidden Challenges of Public Cloud and SaaS Integration – An OpenSky White Paper
and programming all support the same goals.1 Therefore, cloud
engineers need to understand everything that their technologies
interact with, because this will grant them the foundational
knowledge to support all cloud ventures. The source explained
that cloud engineers must become “jacks of all trades.”
OpenSky perceives this operational shift as a gradual one,
commensurate with the adoption of cloud services in an
organization. We anticipate that many of our larger enterprise
clients will continue to require subject matter expertise and
operational focus across traditional infrastructure technologies,
(i.e. storage, network, compute, virtualization, etc.). At the same
time, we are working with those customers to help develop the
procedures and operational knowledge required to enable their
IT teams to operate in a Hybrid environment as cloud adoption
continues to increase.
6. Cloud Maturity How you tokenize identity and manage its traceability needs to be a factor in your overall IAM strategy.
The public cloud has been around for more than a decade at
this point, but the underlying compute, storage, network, and
virtualization technologies are just reaching levels of maturity that
are enabling broad levels of adoption. This relative state of infancy
and evolution introduces a unique challenge to businesses,
because there is no guide or standard roadmap to follow. Adding
more complexity to the issue, cloud services are evolving
frequently and drastically, much faster than traditional on-premise
platforms and applications.
In the past two to three years, IaaS providers like AWS and Azure
have drastically evolved and improved their ability to secure data,
provide fault tolerance and disaster recovery capabilities for
applications. These trends are likely to continue as technology
advances march onward. While the rate of change can tear down
barriers for cloud adoption, it can also create challenges.
09The Hidden Challenges of Public Cloud and SaaS Integration – An OpenSky White Paper
Staying up to date and informed on all the changes taking place in
the cloud computing industry could be a full-time job in itself, as IT
teams work out the business use case for each new feature and
capability, as well as how to support them.
Lighting the Shadows of Clouds
Integration of cloud services with traditional IT infrastructure
platforms is not a one-time project. It is a foundational component
of how successful organizations manage their IT assets. Executives often lack a complete understanding
Sources: 1.networkcomputing.com/careers-and-certifications/building-cloud-computing-skills/a/d-id/1316747
In general, all of the cloud challenges facing businesses can
be boiled down into a single statement: Executives often lack
a complete understanding of the complexity of cloud service
adoption, and that can lead to integration, security, and operational
shortcomings. However, these problems can be avoided if
businesses take the time to work out the architecture and
integration points, as well as developing organizational alignment
for a successful implementation.
of the complexity of cloud service adoption, and that can lead to integration, security, and operational shortcomings.
010The Hidden Challenges of Public Cloud and SaaS Integration – An OpenSky White Paper
OpenSky Corp
Tolland, CT 06084
866-302-3941
www.openskycorp.com
One Technology Drive