The key foundations of an effective Cloud Operating Model
Thu 6 Aug 2020 | Richard Simon
Cloud principles and goals must be served by an architecture intended to innovate on the organisation’s needs and continuously deliver on its long-term goals. Richard Simon, co-founder, MultiCloud Global
The first era of cloud computing has been over for some time now, so what are you still doing lifting and shifting your data centre into the cloud?
Today, organisations moving to the cloud must do more than merely ‘copy and paste’ what they have in the data centre directly into a cloud environment. Organisations should look at delivering IT as a service to the business and/or their customers, rather than as a technology platform where applications reside.
When it comes to building a dynamic, scalable and iterative Cloud Native architecture, organisations must bear in mind four factors: Networking, Security, Provisioning and Operations. These are fundamentally affected when moving to the cloud and thus have an impact on everything else that relies on them.
In this article, I will be discussing two of the four factors – Networking and Security – as these are core to achieving a Cloud Native backbone design that determines how everything else behaves. I’ll summarise the main differences that organisations need to consider when it comes to delivering applications running on a cloud platform, in contrast with heritage environments.
Organisations are now right smack in the middle of Digital Transformation (DX) – of varying shapes and sizes. And if they weren’t, the Covid-19 crisis has certainly forced those plans to kick-start sooner or be accelerated, as workforces entered lockdown and had to work from home.
These DX efforts – while positively aimed at delivering value and innovation more quickly and at scale – translate into a huge headache for IT organisations, as they try to shift from being a cost centre and into a business enabler: trying to become part of the solution, not the problem.
In order to achieve a faster Time-to-Value, organisations have started looking towards cloud computing (I’m using this term to represent a general and broad spectrum of activities), with varying degrees of success in delivering on all the promises of cloud that were touted at the beginning of this new era.
I have worked with customers that are at various stages of this ‘left-to-right’ shift. Some have jumped into the cloud for all the wrong reasons (“the boss said so”, “to save costs” and so on) and, effectively, brought all the mistakes they made in the data centre with them!
Others have managed only modest success, hitting the brick wall of workload migration. Others still have established a beachhead in the cloud but have not innovated further by taking advantage of the latest cloud concepts such as Containers, Orchestration, Analytics (AI/ML), DevOps, Microservices, Serverless and Observability (mainly due to poor cloud architecture).
The shift to cloud means organisations need to break out of the ‘addictive cycle’ of buying dedicated infrastructure and perpetual software licenses that inhibit (some might say, dictate) the level of innovation that an organisation can experiment with and utilise, not to mention the pace, to achieve business goals.
An organisation’s IT strategy and enterprise architecture must be rebuilt with a foundation that delivers innovation not just for today and tomorrow, but for the next 5 to 10 years. An architecture based on a Cloud Operating Model must be at the heart of such a strategy in order to cater for both existing and new Cloud Native services.
Let us now examine two factors of that foundation:
In the data centre, we are used to taking care of servers, which need a great deal of feeding and watering in order to survive and overcome problems. We tend to treat our servers as pets that need constant care. Data centres use domains, static IP addresses and hostnames for servers to resolve how to locate resources and applications — the equivalent of looking up a number in a phone book.
In a cloud environment, there’s no focus on host servers, as such – the aim shifts to what service is being offered by the host instead, bringing it all back to the application. Technically, this is backed up by a dynamic approach to IP addresses, logical segmentation of connectivity and a Service Registry which provides a catalogue of the services available in the cloud, to both users and other applications.
If an application requires a database, it makes this request to the Service Registry and this then puts the application in touch with a database service, changing the emphasis from the host to the service.
The data centre adopts a ‘castle and moat’ approach to security implementation – using firewalls for perimeter protection and the likes of directory services for app-to-app authentication – to achieve a High Trust environment.
This is mainly delivered by services such as Active Directory/LDAP, Service Accounts (usually embedded inside applications somewhere) and passwords that never expire, probably exposed by being placed inside a plain text or configuration file. This type of security usually leads to some very non-standard and downright insecure practices, when it comes to dealing with credentials.
On the other hand, cloud assumes a Zero Trust environment and short-lived Identity and Access Management (IAM) credentials, issued by a Secrets Manager acting as an independent source of authority. Introducing a central and dynamic issuer of authentication (AuthN) and authorisation (AuthZ) maintains greater security by reducing exposure from misconfiguration and deliberate hacking. A Secrets Manager can also handle encryption requirements for data (both at rest and in-flight), as well as offering backwards compatibility with directory services.
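The contrast with never-expiring service-account passwords can be made concrete. The sketch below is an added example, not code from the article or from any Secrets Manager product: the SecretsManager class, the "orders-app" identity and the "db:read" scope are hypothetical names, and an HMAC-signed token stands in for whatever credential format a real issuer uses.

```python
import base64, hashlib, hmac, json, secrets, time

class SecretsManager:
    """Toy central issuer of short-lived, scoped credentials (hypothetical API)."""
    def __init__(self, policies, ttl_seconds=300):
        self._key = secrets.token_bytes(32)  # signing key never leaves the issuer
        self._policies = policies            # AuthZ policy: identity -> allowed scopes
        self._ttl = ttl_seconds

    def _sign(self, body: bytes) -> bytes:
        return hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()

    def issue(self, identity, scope, now=None):
        now = time.time() if now is None else now
        if scope not in self._policies.get(identity, ()):
            raise PermissionError(f"{identity} may not request {scope}")
        claims = {"sub": identity, "scope": scope, "exp": now + self._ttl}
        body = json.dumps(claims, sort_keys=True).encode()
        return base64.urlsafe_b64encode(body).decode() + "." + self._sign(body).decode()

    def verify(self, token, required_scope, now=None):
        now = time.time() if now is None else now
        try:
            encoded, sig = token.split(".")
            body = base64.urlsafe_b64decode(encoded)
        except ValueError:                   # malformed token or bad base64
            return False
        if not hmac.compare_digest(sig.encode(), self._sign(body)):
            return False                     # AuthN failed: not issued by us
        claims = json.loads(body)            # parsed only after the signature checks out
        return claims["scope"] == required_scope and now < claims["exp"]

def demo():
    sm = SecretsManager({"orders-app": {"db:read"}}, ttl_seconds=300)
    t0 = 1_000_000.0                         # constructed clock value for a repeatable run
    token = sm.issue("orders-app", "db:read", now=t0)
    flipped = token[:-1] + ("1" if token[-1] == "0" else "0")
    out = {
        "fresh": sm.verify(token, "db:read", now=t0 + 60),
        "expired": sm.verify(token, "db:read", now=t0 + 301),
        "wrong_scope": sm.verify(token, "db:write", now=t0 + 60),
        "tampered": sm.verify(flipped, "db:read", now=t0 + 60),
    }
    try:
        sm.issue("orders-app", "db:write", now=t0)
        out["over_request"] = True
    except PermissionError:                  # policy refuses scopes the app was never granted
        out["over_request"] = False
    return out
```

A credential copied out of a configuration file is useless after five minutes here, and it never carried more than the one scope the policy allowed.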
Looking forwards, cloud principles and goals must be served by an architecture that is intended to innovate on the organisation’s needs and continuously deliver on its long-term goals. To move to the cloud, IT departments need to deliver a comprehensive and innovative Cloud Operating Model that will help the business maintain its current operations, as well as provide a platform for innovation and agility, to meet tomorrow’s demands.
Without good design and governance of the factors discussed in this article, it’s difficult to achieve success in a cloud environment. While some modest goals can be attained, these would only yield short-term gains and at the expense of future-proofing one’s cloud footprint and ambitions.
In a future article, I aim to provide a further breakdown of the remaining factors of Provisioning and Operations to help clarify why these are also perceived as a crucial part of the Cloud Operating Model.