A quick recap of the first part of the blog – the house-moving dilemma of choices: #1 – Pretense – use all the legacy learnings of your old home and continue using the same in the new home, aka lose out on the cutting-edge capabilities your new sanctuary provides; #2 – Abandonment – rid your memories of all the good (and bad) practices and learnings and start anew in the new home like it’s your first home; and #3 – Conjoin – the best of both. Take the principles – not the practices and the behavior – and enforce those on top of the new offerings the new home provides, even as you learn the extended capabilities by and by.
And then I left you with a teaser about how this home analogy reflects the state of the enterprise today, and the challenges that CIOs and CSOs are facing in their journey to the Hybrid Cloud. Let’s dig in.
1. Pretend aka Public cloud is Private Cloud on steroids
This is an ‘easy’ (ok, easier) path that some enterprises are adopting. What does this entail? It means they check the box of going to public cloud but really use it exactly as they used their on-prem environment. Typically this involves your SDDC (software-defined data center) vendor, whom you know (and trust?), enticing you with an offering on the public cloud that smells and tastes the same. All your training, certifications and policies can be used as-is. For the CISO, this pretense continues: you can use the same sorts of on-prem access control VPN policies in this new world. Clearly, as you may have guessed, this leaves a lot to be desired. The exposure to the new world isn’t there: what could be done differently, or more efficiently, from a CIO’s perspective? From a CISO’s viewpoint, are there more effective security controls that could be used? Also, does the public cloud have newer threats that need addressing?
2. Abandon aka Make public cloud your only home
This is the other extreme, where due to inability to hire, spiraling costs, outages … you decide to move into public cloud for everything. Yes, it’s a daunting task, especially if you have a lot of legacy software, but lots of enterprises have successfully done it, so it is definitely possible. There is an underlying sentiment of ‘running away from something’ as much as there is the allure of ‘public cloud nirvana’. And in this haste to migrate, some of the best practices get jettisoned along the way. This is a travesty. Why? Because the policies of your private data center, as they pertain to access policies, log analysis, firewall controls and costing metrics, may all provide a great starting point even in the public cloud. But the cool-sounding public cloud services, typically garnished with a dose of AI, may even make you embarrassed of your own legacy policies, which are consequently left in the dust. #NotCool
3. Conjoin aka Self-aware public cloud adoption
You can see my shameless bias. This is where we enterprises need to be. Take a magnifying glass, capture all the policies, controls and analysis that have worked perfectly in your private data center, and chronicle those. Investigate all of the offerings that the public cloud of choice has (this changes all the time, so be prepared for this to be an ongoing investment) – educate, educate, educate. Do this not just from the provider’s manuals but by talking to other users and consultants who have walked this journey before, so you get a pragmatic view of what this cloud has to offer for your particular environment. Then – this is the most critical piece – layer what you have chronicled on best practices on top of the chosen subset of these cloud services for your first phase. Note that this is for both the CIO and the CISO: the cost and efficiency lens as well as the protection and availability lens. But even more important are the new capabilities the cloud has, from a security standpoint, that you were never aware of and that could come back to bite you (recall the S3 exposure).
So there you have it. Much like the house migration, the public cloud migration offers a myriad of choices. While the ‘conjoin’ choice should be the ideal one for most enterprises, there could be situations where ‘pretend’ or ‘abandon’ may be right for you. What is most important is not only to take an unbiased view and evaluate all the options before your journey, but also to periodically assess the efficacy and the security of the options chosen against the constantly changing landscape of the public cloud and your own evolving enterprise principles. #HappyJourneying