How a Hybrid Cloud Strategy can Boost Security

Enterprises today are facing some difficult choices. They operate in a world in which anyone anywhere—armed only with a good idea and a credit card—can compete with them on an even footing. This is possible because the cloud has democratized access to large amounts of computing power and an unprecedented breadth of services and capabilities.

By Anthony Butler

At the same time, enterprises are incumbents with legal responsibilities they must uphold and reputations that they need to protect. While these organizations may recognize the value that cloud can bring by accelerating the speed to an increasingly competitive market, they must balance this with the need to ensure security.

It’s not surprising, then, that enterprises almost universally cite security as the biggest inhibitor to cloud adoption. Moving data, services and applications outside the firewall, some maintain, would expose their organizations to additional risk.

Instead, many simply don’t take advantage of the benefits that cloud can offer. While they might believe their firewall is a bulwark against every Internet-borne evil and find solace in rows of locked racks in their carefully secured data centers, they may be dying a death of a thousand digital cuts. Every day, more agile, innovative and lean startups are tapping into the cloud to surreptitiously erode their market share.

Many notions about the risk of cloud were born in an earlier era when there was a simplistic division between private cloud and public cloud, extending even to vendors. If you wanted private cloud, you might go to one vendor who made a virtualization product. And if you wanted public cloud, you would go to another vendor that sold virtual machines online. Conventional wisdom at the time held that private cloud was secure because you controlled it, while public cloud was not secure because someone else controlled it.

It is analogous, perhaps, to an era when people believed storing their savings in a mattress in their home was more secure than putting it in a bank. They control the mattress, and therefore it’s more secure. However, physical control doesn’t equal security. Security is about the type of controls you put around your data to manage accessibility.

Today, cloud has evolved. IBM, for example, offers advanced security capabilities in the cloud and for the cloud. In many cases, enterprises can execute a significant change in their security posture just by moving their workloads to an enterprise-grade cloud provider. However, the requirements of the enterprise are rarely so black and white: there are some systems-of-record applications, such as ERP systems, that should remain behind the firewall for performance, integration, or regulatory reasons. And there are some systems-of-engagement applications, such as mobile or Internet-scale web apps, that should run in the cloud.

Each type of application has different yet equally important characteristics. For the systems of engagement, the focus is on speed and agility—delivering digital experiences to users on their terms using a channel of their choosing. Yet, for systems of record, the emphasis is typically different: availability, resiliency, reliability, security and stability are key. This dichotomy is what is often described as two-speed IT, where there are two competing sets of objectives and approaches. For systems of record, we optimize for functional completeness over speed of delivery. For the systems of engagement, it’s all about minimum viable product and lean startup thinking. For systems of record, we scale up; for systems of engagement, we scale out. For systems of engagement, fail fast is a business strategy and sometimes an imperative. However, for systems of record, failing fast can be a disaster.

Organizations need a hybrid cloud. They need a cloud that doesn’t require compromise in addressing the unique needs of these two types of applications. They need a cloud that allows them to simultaneously balance the need for security with the need for speed. They can keep data, applications and services safely secured in a private cloud behind their firewall so they can address their security needs and any regulatory constraints. In addition, they can build out their systems of engagement—mobile or web apps, for example—in the public cloud to take advantage of the speed and agility that cloud offers. It is this vision of enabling hybrid cloud that underpins IBM’s strategy.

However, rarely do systems of engagement exist in isolation. They need to communicate with the systems of record, and we are moving toward a world where there will be many integrated clouds. A new mobile app might need to reach back to the enterprise ERP system, but it will also be accessing data and services that are exposed as APIs from other cloud service providers.

The ability to securely integrate cloud-based applications with systems of record such as ERP or CRM systems, as well as between different cloud providers, is key to enterprises unlocking the cloud’s full value. Secure integration services, such as those offered in IBM Bluemix, give an enterprise full transparency and control over these integrations.

There is tremendous value locked inside these systems of record that can be made available through new digital channels, such as mobile or social. And there is value sitting behind hundreds of thousands of APIs that exist outside the firewall. The ability to bring these worlds together securely can be a source of competitive advantage for enterprises facing startups and new entrants in their market.

Enterprises of all types should consider a hybrid cloud strategy and how it can enable them to be faster, more competitive and more innovative, without compromising security or regulatory compliance positions. Enterprises need a cloud that doesn’t require compromise: a hybrid cloud.
