No one wants to buy something only to realize afterward that there was a “gotcha” they didn’t expect. As cloud becomes more mainstream, I’m finding myself in more and more discussions with clients that feel they rushed past some preliminary processes and discoveries and are looking to right the ship. As with anything, the carpenter’s rule is essential: measure twice, and cut once. The same goes for changing how you deliver services to your organization as the information technology practice. I’m going to go through three of the top conversations I have on a regular basis.
I frequently hear the word security come up whenever I’m talking with clients about cloud. While that may be a top concern, it is very broad. The bulk of my security conversations revolve around authentication and access/authorization in some form or fashion, but can quickly spiral to literally hundreds of use cases.
Finding, implementing and maintaining an identity platform for authentication are the critical first steps, regardless of the cloud delivery model you are looking at. You need to ensure first and foremost that it allows, as Gartner says, “the right individuals to access the right resources at the right times for the right reason.” This is often overlooked, the thinking being that Active Directory can fill that void on its own. Luckily, there are many well-established identity and access management (IAM) and IdP vendors to help with just this. Make sure to explore IAM before jumping into anything in the cloud. (Cloud access security brokers, CASBs, are another closely linked topic that comes up in these conversations.)
Now that you’ve chosen a cloud application (SaaS) or platform (IaaS or PaaS), how are you going to connect? Over public internet? VPN? Backhauled through your MPLS? The real answer will lie in what service you’re delivering. I generally split this into two camps: SaaS and IaaS/PaaS.
Most SaaS apps can easily be run over the internet and use TLS and SSL to encrypt data. In some cases, clients need a dedicated connection for things like QoS or to stay in line with existing policy. In those cases, most popular SaaS apps that need those features offer a vehicle to procure one of the additional options below.
IaaS and PaaS platforms (such as Azure, AWS, GCP, etc.) generally offer four ways to connect:
- VPN: free, but no bandwidth guarantees
- Direct Circuit: dedicated bandwidth; one-to-one relationship between you and carrier
- Cloud Exchange: dedicated bandwidth; one-to-many relationship where the exchange acts as a broker to multiple carriers and to multiple cloud platforms
- SD-WAN: varies by provider, but offers the option to get additional security and performance via broadband or by blending MPLS and broadband
Storage area networks (SANs) have made the idea of tiered storage second nature to most IT shops. Some of this changes, though, when we start talking about cloud. While no one can deny that the cost of some cloud storage is ridiculously cheap (for example, Oracle Archive Storage for $0.001/GB), that doesn’t mean it will still have the same features and functions as your SAN.
The best approach here is to determine which bucket you fall in for a specific service or need. For example, there are different needs for applications, file storage, database disk, backup and archive. The biggest thing to know here is that this very cheap object storage cannot do anything until there is software to talk to it. So don’t jump up and down when you see that price until you have the cost of all the pieces to deliver the service (e.g. backup, NAS replacement, email, web app, etc.).
You can’t move an application’s data without moving all your servers (compute) too. You can’t move your file data without having a service that can turn cloud storage into a network file share. And you can’t use the cloud for backup or archive without software to talk to the specific cloud storage you want to use.
So keep in mind that there is no right or wrong way to begin your cloud journey, but there are definitely some tips that may make the road smoother when you take the trip.