The D&D Dungeon Master that controls every corporation’s IT department has been slowly poisoning the minds of the enterprise business leaders everywhere against cloud based infrastructure. Without full control of the enterprise infrastructure how can a simple Dungeon Master hope to one day achieve world domination? Many enterprise IT organizations admonish their business counterparts that begin discussions of cloud infrastructure. The IT organizations state that the cloud is not secure, cannot meet their needs in regards to federal laws and industry regulations, and cloud infrastructure is more expensive. These reasons are not only invalid, but they are costing organizations millions of dollars per year. This blog series will cover techniques, tools, and strategies for enabling your organization to leverage cloud infrastructure to improve process, decrease costs, and create a better working environment for employees.
The advantages of cloud computing have been enumerated time and time again by industry leaders, software developers, and even by the CIA. With Cloud Foundry, OpenStack, Heroku, AWS, Azure, and numerous other providers coming into full maturity it has almost become common sense for software developers to leverage cloud computing throughout the development process. The following delinates a few of the advantages of cloud computing:
- Organizations trade CapEx for OpEx and only pay for what they use
- Higher quality Disaster Recovery
- Faster Data Recovery
- Respond to changing business landscape more quickly
- Leverage rapidly changing industry best practices without any effort by the Organization.
Many enterprise organizations utilize their hardware infrastructure to run third party software and custom software applications created internal to the organization. Software developers love cloud infrastructure for running large scale systems. Developers love it for deployments. Developers love it for serving millions of photos of cats. One of the primary reasons developers enjoy working in a cloud environment is they are not required to think about the infrastructure. The developer can write their software, and then click a button or run a command to see their software deployed without knowing the details of routing tables, subnetting, or what a WAF is. While this speed is advantageous to the developer, the IT staff that is responsible for adhering to security and regulation requirements for the enterprise must not be forgotten.
Future posts in this series will focus on the details of security, regulation adherence, and costs for running a cloud infrastructure but let’s analyze each at a high level here. The first complaint by IT organizations about cloud infrastructure is they are not as secure as a hosted data center. Using AWS as an example, the following is a list of some of the security procedures available to your organization:
- Built in firewalls, both internal and external.
- Encryption in transit with TLS across all services
- DDoS mitigation technologies
- Encryption at rest for databases, file storage, and data warehouses
- Dedicated hardware-based cryptographic key storage options
- Identity and access management capabilities
- Multifactor authentication for privileged accounts
The second reason enterprise organizations fear the cloud is federal and industry regulations requiring special configurations for a data center. AWS, Azure, and Rackspace all have certifications to prove their regulatory compliance with many federal laws and industry standards. The following is a small list of AWS’ certifications. For a full list see here.
- PCI DSS Level 1
- SOC 1, SOC 2, SOC 3
- ISO 9001
- ISO 270001
- DoD SRG Levels 2 and 4
Finally, the cost question for the enterprise can be extremely variable for each organization and will require a detailed break even analysis to answer the question of whether the cloud will be cheaper. A general strategy for defining your break even analysis will be demonstrated in a future post to give you the details you need to help make the decision about whether to move to the cloud.
The three primary reasons IT organizations within the enterprise fear moving to the cloud are security, compliance, and costs. This blog series will address each fear in turn and give you the information you need to make a decision on using the cloud for your enterprise organization. Check back for our next post in the series that will address the state of security in a cloud infrastructure.
If your organization would like assistance determining your organization’s cloud strategy, please reach out to us at Levvel and we can get you started.