Embarking on a cloud journey brings its own challenges in managing the cloud. Most organizations require different environments depending on business needs, for better visibility, maintenance, compliance and knowledge of the cost of operations.
Cloud is the backbone and foundation of digital transformation in its many forms. It is essential for businesses to provide a great end-user experience, and it puts companies on the fast track. Cloud-native digital transformation allows superior flexibility as businesses undertake this process.
Embarking on a cloud journey brings its own challenges in managing the cloud. Most organizations require different environments depending on business needs, which brings complexity not only in setting up cloud workloads but also in managing these workloads and services.
How, then, do enterprises manage this complex multi-account environment? There is a need for a framework that can help with large-scale cloud adoption in an efficient and streamlined manner. Cloud vendors call this concept a landing zone: a pre-configured environment with a standard set of secured cloud infrastructure, policies, best practices, guidelines, and centrally managed services.
A Cloud Landing Zone identifies critical actions and goals that will consistently enhance enterprise cloud journeys. The goal of a landing zone in the cloud is to have guardrails in place that allow you to onboard different teams and applications and divide them over multiple accounts, so that the workloads are secured and isolated and security controls are managed centrally.
Let’s look at the challenges enterprises face when they do not have such a framework:
- A unified security policy is not applied across workloads, which leads to compliance issues and security risk.
- If resource tagging is not done properly, billing and monitoring become challenging and cost distribution is affected.
- Data security breaches in the absence of a clear protection policy.
- Lack of control over the development and production environments, which require different policies for workload protection.
What benefits do landing zones provide for the enterprise?
- Enterprise Enrollment and Multiple Tenants
Cloud adoption requires subscribing to one of the cloud providers' models and following up with subscription management, a multi-faceted operation that, when handled efficiently and accurately, produces long-term benefits for enterprises in cost management and effective use of the cloud. Inefficiency sends opex costs skyrocketing, which raises doubts about whether the cloud is really cost-effective. An organization can have distributed enrollment for different environments, with a clearly defined mandatory corporate policy applied centrally to all tenants; this ensures there are no breaches and that critical data in the cloud is protected. A business will need multiple tenants to simulate customer environments for development and testing, and these can be isolated with different policy requirements. Cloud provides great flexibility to meet such business requirements.
- Centralized identity and access management
Centralized IAM is a cost-effective solution for enterprises to verify users' identities and allow them access to only the resources they need; integrated with multi-factor authentication, it provides additional protection. IAM provides segregated roles and responsibilities depending on the workload and resources, and different environments can be protected according to a centrally defined protection policy. IAM allows seamless access to different applications, such as SaaS and modern apps hosted on cloud providers, and it can also consolidate identities from multiple IAM systems to provide access to modern applications from a centralized user identity.
- Management Groups and multi-account organization
Cloud providers allow access to resources through a structure called management groups, a simple yet powerful way to help manage access within a cloud environment. These also use blueprints to automatically create different instances, with policy applied based on company compliance and operational needs. When the organization is large, multiple accounts need to be created for business and IT services.
This is crucial to ensure that the production data used by employee engagement is segregated from business units' usage, for protection of data, compliance and accessibility. A defined framework can have a standard policy for multiple accounts based on roles and responsibilities.
- Network topology and connectivity
Applications are vital for modern business operations and the network plays a fundamentally important connectivity role to and across application portfolios housed in hybrid environments. An agile programmable intelligent infrastructure including platforms and networks enables the rapid deployment of applications and the performance needed for frictionless digital experiences. This helps you maximize price, scale, speed and productivity performance criteria across multiple clouds.
Business demands continuous access to applications. The network as built was limited to the corporate network and has not gone beyond it; this requires re-architecting connectivity with solutions such as fast connections, SD-WAN, virtual WAN and cross connects to meet these business demands.
- Centralized management and Monitoring
While companies are moving to the cloud and modernizing applications to meet customer demands, it is also critical to monitor cloud workloads efficiently. Better visibility and control over key metrics, logs, and flows is a non-negotiable necessity. This is especially important because public clouds are more likely to produce surprise costs because of poor visibility. Monitoring improves security posture and helps maintain ideal application performance.
- Unified business continuity and disaster plan
Business continuity is the capability of enterprises to stay online and deliver services during disruptive events, such as natural disasters, cyberattacks and telecommunication failures. It is important to identify, through threat analysis, the business disruptions that may occur, such as cyberattacks, natural disasters and configuration errors.
There should be a clearly defined process for switching to BCP/DR when a disruption occurs. The plan should have a checklist of critical actions to perform, and a simulation should be run once every six months as part of this process; this also ensures that during an outage the system will come back fully accessible for customers. Simulations identify gaps in the process, the applications, and the configuration changes required in the patch cycle. It is important to keep production and BCP/DR synchronized at all times.
- Security, Governance and Compliance
Resources deployed in the cloud for application access are open to public access, which exposes them to cyberattacks and an increased threat landscape. Attackers can use this path to compromise the network and carry out destruction and data theft, which can have a severe impact on company reputation and finances.
Governance, risk and compliance (GRC) enables organizations to establish cybersecurity maturity across the organization. This practice covers gap analysis, the compliance status of workloads on the cloud, cybersecurity preparedness, security practices, and a control room for a centralized security view. It is challenging for larger organizations due to the complexity of the business. GRC is the collective responsibility of every team that has a business connection, and it is a top priority for teams to maintain the required security and compliance level for continued business.
- Platform Automation and DevOps
Automation has a critical role to play in the modern-day enterprise; it is a key technology trend to adopt for delivering value to customers. Businesses have to adapt fast in a constantly changing landscape. They need to perform network or application configurations and scale up their systems as and when required.
Resources should scale up or down to meet demand or respond to failure. Such a rapid pace of change can be achieved only through a specialized automation platform, and DevOps plays a critical role in streamlining the automation process. Cloud-native automation and specialized automation tools are available to assist in delivering such services. Cloud orchestration helps to integrate, manage, and deploy network devices, virtual machines, and routers in an efficient and timely manner.
As enterprises adopt cloud technology depending on business demands and complexity, they can use the multi-account environment to help them plan their cloud infrastructure. There is a need for a framework which will address infrastructure, compliance, governance and security requirements while allowing organizations to scale and change their environments in response to changing business demands. Cloud is not a complex environment; however, the perspective has to change on how the environment can be simplified for use, ensuring the cost of operations is effective for the business.
Cloud used to be managed through a single account covering, e.g., development, testing, staging, and production. Having to manage multiple environments within a single account is a cause for concern if security isn’t managed properly. Another disadvantage is the lack of scalability and flexibility to onboard new teams and applications, and the lack of central control and monitoring.
A landing zone allows you to quickly set up a Cloud environment using automation including best practice configurations for security so you can focus on your core business.
The author is Director – IT at Capgemini India.
Disclaimer: The views expressed are solely of the author and ETCIO.com does not necessarily subscribe to it. ETCIO.com shall not be responsible for any damage caused to any person/organization directly or indirectly.