Cloud and SaaS Integration - TUV Rheinland OpenSky...IAM strategy. If your employees and other users leverage cloud services along with other internal services, and leverage mobile

01The Hidden Challenges of Public Cloud and SaaS Integration – An OpenSky White Paper

The Hidden Challenges of Public Cloud and SaaS Integration

An OpenSky White Paper


CONTENTS

03 The Hidden Challenges of Public Cloud and SaaS Integration –

An OpenSky White Paper

04 Cloud Security

04 Identity and Access Management

05 Technical Integration

06 Build Challenges

07 Operations

08 Cloud Maturity

09 Lighting the Shadows of Clouds


The Hidden Challenges of Public Cloud and SaaS Integration – An OpenSky White Paper

It is only with a clear understanding of the hidden challenges of

integrating public cloud infrastructure platforms and software-

as-services solutions with on premise IT environments that

businesses can ensure successful cloud adoption. Careful

exploration of the following considerations opens the door for

organizations to truly harness the power of the cloud.

The cloud has become a fundamental part of modern business for organizations in all industries

The cloud has become a fundamental part of modern business

for organizations in all industries. The reliance on cloud computing

and other as-a-service solutions has revolutionized the scalability,

cost-efficiency, and agility of IT environments, leading to

impressive results in employee productivity, budgetary expenses,

and product or service delivery.

While there are certainly numerous benefits to leveraging the

cloud, many business leaders have the wrong expectations

when it comes to cloud services. This is a conflict of perception

and reality, because executives assume that cloud adoption is

a simple process, moving workflows can be done with ease, and

security in the cloud is the same as on-premise. In reality, there

are dozens of considerations, challenges and concerns that IT

teams must address in order to take a business to the cloud.

However, the hurdles of cloud adoption should not scare away

any business leaders, because there are plenty of solutions to

cloud problems, some tips to make implementation easier and

more secure, and hundreds of examples of cloud success. These

strategies will help any organization overcome the threshold of

adoption that has prevented so many companies from consuming

and supporting cloud computing and other cloud services.


1. Cloud Security

There is a wealth of risks and threats to business critical data

and applications. The emergence of public cloud services

provides an opportunity for customers to architect in strong cyber

security capabilities to address those risks and threats, but it also

introduces new challenges.

With an on-premise data center, businesses clearly own the data

stored within, and they have tight control over who can access

that information. Traditionally, data stewardship is straightforward,

but not in the cloud.

When using cloud services, organizations must establish who

controls data, mainly because they will always be responsible for

its protection, even if the breach was an accident. This means

paying attention to state and federal laws is critical - where data is

stored matters. Additionally, businesses need to determine what

their cloud providers can see, and this will impact encryption

practices including the use of asymmetric cryptography,

encryption levels and strong authentication.

Furthermore, cloud provider contracts will outline who controls

security equipment and who can alter or access those controls.

Some cloud services offer virtualization, but in reality, a balance of

hardware and software is necessary to ensure data security. So,

businesses should vet their cloud providers’ logging, monitoring,

and SEIM systems, perhaps taking hints from those practices for

on-premise environments.

2. Identity and Access Management

The combination of social, mobile, analytics, and cloud computing

create exciting business solutions and new areas of expansion for

Identity Access Management (IAM). Cloud services create new

places to authenticate and new places to be authenticated from,

which require new security architecture considerations.

A balance of hardware and software is necessary to ensure data security.


Authentication can replace the “loss of the perimeter”

3. Technical Integration

Regardless of the type of cloud services that a business uses,

physically integrating these resources with existing software,

hardware and data poses a challenge for many IT departments.

There can be integration points between on-premise and off-

premise elements, or different cloud services.

The fact of the matter is that there are no magic guidelines for

integrating traditional on-premise infrastructure with the variety of

cloud solutions available; there are far too many considerations

to clear up in a single sentence or two. However, this might be

the most important aspect of cloud integration, as success here

ensures that applications and services perform at high levels with

high availability.

How you tokenize identity and manage its traceability needs to be a factor in your overall IAM strategy.

If your employees and other users leverage cloud services along

with other internal services, and leverage mobile apps to access

those services directly, then they are probably establishing other

forms of identity and using them for business purposes. A new

area of inherent risk has evolved requiring new types of controls

and protocols, including authentication (consider OAUTH). How

you tokenize identity and manage its traceability needs to be

a factor in your overall IAM strategy. It’s a bit tangential to the

historic scope of IAM but, this isn’t your father's IAM anymore.

. The

perimeter (typically intranet/internet boundary) was not only

positioned for basic network attack protection, it also became a

point to layer other controls including data loss prevention, data

encryption policies, command and control detection, intrusion

prevention, email validation. That perimeter is gone in many cloud

use scenarios and authentication is the logical play to reconnect

those important services. Central Authentication is worth

investigating because it opens up the opportunity to enforce other

types of policies, even if you don’t own the endpoint or network.


4. Build Challenges

Technical experts in each company that are responsible for infrastructure platforms and services, need to understand how their architectural roadmaps will need to change.

Recently, OpenSky worked with a large enterprise that was

experiencing difficulties enabling test environments in IaaS

providers, such as AWS and Microsoft Azure, to support its

application development teams. Many of the application

environments were expecting to leverage legacy standard server

images, middleware configurations, and system management

software. These standard images and software elements were

dependent on things like Active Directory domain membership and

being part of the routable corporate IP network. Extending those

services, and automating the extension of those traditional on-

premise platforms can require different approaches, when dealing

with different service providers.

Simply put, businesses need to think about establishing

strong, seamless integrations between traditional on-premise

infrastructure platforms and public cloud services. Technical

experts in each company that are responsible for infrastructure

platforms and services, must understand how their architectural

roadmaps will need to change to enable the public cloud service

integration points that their businesses will require to remain

competitive.

With a traditional on-premise data center, there are a lot

of standards and best practices, especially when it comes

to topology and system requirements. Industry-established

techniques for standardizing and provisioning on-premise IT

infrastructure might seem applicable to the cloud, but there are

new considerations that can make the provisioning of cloud-based

environments much more complex.

After all, there is no one-size-fits-all roadmap for using the cloud,

and when considering the breadth of different IaaS and SaaS

services available, there won’t be a single cookie-cutter standard

for building the best hybrid IT environment. Further adding

complexity, cloud vendors have their own set of provisioning


interfaces, often giving customers the option to provision services

through a web portal or a published API interface.

5. Operations

InformationWeek reported that everyone must work together to

support a unified architecture model in which storage, networking,

Teams must work in cohesion with a variety of different skills as environments blend together and some tasks span multiple technical boundaries.

Microsoft’s Azure is a great example of how building cloud

environments can become challenging due to the ability to drive

provisioning automation with Windows PowerShell. Microsoft

maintains a Windows Azure PowerShell cmdlet library to help

automate and customize the provisioning of Azure public cloud

services. For companies that don’t leverage the Azure cmdlet

library, the manual provisioning of Azure resources can be

cumbersome and time-consuming. Organization’s that don’t

properly plan for the development of new automation capabilities

can struggle to gain traction with cloud adoption initiatives.

After construction and integration, IT teams are challenged with

the task of maintaining operations with their newly deployed hybrid

environments. Whether integrating with IaaS services such as AWS or

Azure, or migrating back office productivity platforms to SaaS

offerings such as Office 365, the new challenges associated with

operating these systems are often underestimated. Small aspects

of cloud environments might cause standard practices to become

jobs of the past, because supporting cloud platforms and services

demands a different focus of operating procedures and skills.

For decades, IT organizations have been positioned to give one

person the reins to a specific technical area, i.e. networking,

backups or email. Essentially, there was always a role for a specific

task in operations. However, that is no longer the standard in the

cloud. Teams must work in cohesion with a variety of different skills

as environments blend together and some tasks span multiple

technical boundaries.


and programming all support the same goals.1 Therefore, cloud

engineers need to understand everything that their technologies

interact with, because this will grant them the foundational

knowledge to support all cloud ventures. The source explained

that cloud engineers must become “jacks of all trades.”

OpenSky perceives this operational shift as a gradual one,

commensurate with the adoption of cloud services in an

organization. We anticipate that many of our larger enterprise

clients will continue to require subject matter expertise and

operational focus across traditional infrastructure technologies,

(i.e. storage, network, compute, virtualization, etc.). At the same

time, we are working with those customers to help develop the

procedures and operational knowledge required to enable their

IT teams to operate in a Hybrid environment as cloud adoption

continues to increase.

6. Cloud Maturity How you tokenize identity and manage its traceability needs to be a factor in your overall IAM strategy.

The public cloud has been around for more than a decade at

this point, but the underlying compute, storage, network, and

virtualization technologies are just reaching levels of maturity that

are enabling broad levels of adoption. This relative state of infancy

and evolution introduces a unique challenge to businesses,

because there is no guide or standard roadmap to follow. Adding

more complexity to the issue, cloud services are evolving

frequently and drastically, much faster than traditional on-premise

platforms and applications.

In the past two to three years, IaaS providers like AWS and Azure

have drastically evolved and improved their ability to secure data,

provide fault tolerance and disaster recovery capabilities for

applications. These trends are likely to continue as technology

advances march onward. While the rate of change can tear down

barriers for cloud adoption, it can also create challenges.


Staying up to date and informed on all the changes taking place in

the cloud computing industry could be a full-time job in itself, as IT

teams work out the business use case for each new feature and

capability, as well as how to support them.

Lighting the Shadows of Clouds

Integration of cloud services with traditional IT infrastructure

platforms is not a one-time project. It is a foundational component

of how successful organizations manage their IT assets. Executives often lack a complete understanding

Sources: 1.networkcomputing.com/careers-and-certifications/building-cloud-computing-skills/a/d-id/1316747

In general, all of the cloud challenges facing businesses can

be boiled down into a single statement: Executives often lack

a complete understanding of the complexity of cloud service

adoption, and that can lead to integration, security, and operational

shortcomings. However, these problems can be avoided if

businesses take the time to work out the architecture and

integration points, as well as developing organizational alignment

for a successful implementation.

of the complexity of cloud service adoption, and that can lead to integration, security, and operational shortcomings.


OpenSky Corp

Tolland, CT 06084

866-302-3941

www.openskycorp.com

[email protected]

One Technology Drive

http://www.openskycorp.com

Documents

Cloud and SaaS Integration - TUV Rheinland OpenSky...IAM strategy. If your employees and other users leverage cloud services along with other internal services, and leverage mobile