Welcome!

Microservices Expo Authors: Pat Romanski, Elizabeth White, Derek Weeks, Mano Marks, Liz McMillan

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Agile Computing, Release Management , Cloud Security

@CloudExpo: Article

Security and Control in the Cloud

Three migration rules to break

Cloud computing is so alluring. The public cloud economizes infrastructure resources and creates a scalable, on-demand source for compute capacity. Additionally, the cloud can be a strategic asset for enterprises that know how to migrate, integrate and govern deployments securely.

Apple co-founder, Steve Wozniak recently said, "A lot of people feel 'Oh, everything is really on my computer,' but I say the more we transfer everything onto the web, onto the cloud, the less we're going to have control over it."

In fact, over 70% of IT professionals worry about security according to an IDG Enterprise Cloud Computing Study.

Boiled down, security, access and connectivity are really issues of control.

As any prudent cloud user, the application has its own unique security features, such as disk encryption and port filtering. But do these layers of security features overlap or conflict? What happens to ownership after migration? Do solutions really have to be architected before and after deployment?

Take an application-focused approach to security from the beginning. The application-controlled, application-owned security layers will ease the decision to deploy, test, and develop in the cloud and save on IT training and time along the road.

Control of Security: Who Has It?
Part of the "magic" cloud providers and vendors supply is wrapped up in layers of ownership and control in the form of firewalls, isolation, and the cloud edge. Most enterprise application owners hope that these layers will cover the possible gaps in security after migration. Unfortunately most enterprises need security controls they can attest to and providers ultimately own and control these security features.

Unfortunately the needs and concerns of the cloud service provider are distinctly different than the needs and concerns of the enterprise cloud service user (the application topology deployed to the cloud and its owner). Security loopholes can exist because there are gaps between the areas users and providers control and own. The known boundary between what the cloud user can control and view and what the cloud provider can view and control is the root source of enterprise executives' concerns with public cloud.

The provider-owned, provider-controlled features (as in the cloud edge, cloud isolation), the provider-owned, user-controlled features (or the multi-tenant API controlled router/ hypervisor), and the app-owner, app-controlled features (OS port filtering and disk encryption) can be configured in an overlay network to give the user the ultimate control of security.

Application-to-cloud migration and software defined networking (SDN) capabilities out there offer additional, overlapping layers of control and security that span the spheres of the traditional cloud layers.

In order for cloud projects to succeed, IT executives need methods and tools they can attest to and can pass audit. Understanding the perimeter of access, control, and visibility between the application layer and the cloud provider layers is the first step to a less painful cloud migration. With this knowledge enterprises can then design a migration process that fits their use-case to deploy application topologies to the public cloud in a secure and controlled fashion.

Three Migration Rules We Recommend Breaking
Today's migration "rules" create more hurdles than solutions. Rapid industry changes, lack of standard security approaches, and the confusion on the proper steps to cloud deployment cause enterprises to overlook the issues of application-level control.

In fact, application-centric concerns are not even being addressed. Popular migration advice urges enterprises to tackle huge hurdles before and during migration, including deploying all at once, re-architecting before migration, and postponing the cost benefits of using the cloud.

Break the following three migration rules and it is possible to renovate more efficiently, capitalize on the cloud's economies of scale, and quickly, easily, and securely control enterprise networks and applications in the cloud.

Rule 1: Deploy all at once or not at all
Just as lemmings became extinct by all jumping in head first, most enterprises require time to analyze and adjust to new technologies before committing serious time and effort. Employees, customers, and shareholders would not be happy if companies jumped into new technologies without first proving value. Thankfully, enough enterprises, organizations and governments have already seized the benefits of the cloud's flexibility, cost savings, and connectivity.

Now, the challenge for IT professionals is to find the cloud architecture and provider(s) that fit their enterprise's needs and avoid having to reinvent the cloud to do so. With proven solutions in the market, enterprises can skip the bare metal to virtual to test cloud development life cycle. Simply deploy directly to any cloud environment, develop, test, then release to speed the time to market.

Rule 2: Re-architect before migration
Most providers and brokers want enterprises to spend time and effort to re-build IT systems and as a result re-learn/re-train before migration. Advice articles list migration steps of parsing applications, virtualizing, re-architecting and then migrating. Cloud pundits advise IT professionals to be wary of all cloud security and take valuable time to renovate before migrating - which will slow down the process and postpone or even wipe out the financial benefits of the cloud.

The traditional datacenter has too much knowledge flowing in a vertical direction from application to infrastructure and infrastructure to application. Migrating to the cloud before the renovate, design, or innovate steps can cut down on the upfront hassle by removing the burdens of re-architecting and re-learning skills before migration. Saving time, IT resources, and forgoing the arduous re-training speeds up the process for migrating to the cloud and ultimately how the organization capitalizes on the cloud's flexibility.

Rule 3: Pay upfront for design and renovation costs
Why stop with the cloud's physical economies of scale when there are potential savings on the costs of IT overhead? The same time and effort put into saving "design economies of scale" can be used to save major overhead costs too. A single migration, rather than the process of backup, re-architecture, and then migration is more cost-effective. Why wait for cost savings until after migration when there is an option to realize faster deployment and speed to market?

The added customization and control needed to migrate in a logical set of steps puts the control and security solidly back into the application layer.

Enterprises will likely face a long, slow migration to the cloud but, with the tools to capture the efficiency of migrating through logical steps before designing, the process can be significantly less painful. The application-controlled, application-owned security layers will ease the decision to deploy, test, and develop in the cloud and save on IT training and time along the road.

Conventional wisdom is missing the application layer importance of security and control in the cloud. So only one migration question remains - why take the stairs when you can take the elevator?

More Stories By Patrick Kerpan

Patrick Kerpan is the president and chief technology officer (CTO) for CohesiveFT, provider of onboarding solutions for virtual and cloud computing infrastructures. CFT's Elastic Server platform is a web-based factory for creating, deploying, and managing custom multi-sourced servers comprised of horizontal, open source and third-party software components. Additionally the VPN-Cubed packaged service gives customers control of networking in the clouds, across clouds, and between their private data center and the clouds. In this role, Kerpan is responsible for directing product and technology strategy.

Kerpan brings more than 20 years of software development experience to the role of CTO and was one of CohesiveFT's founders in 2006. Previously he was the CTO of Borland Software Corp which he joined in 2000 through the acquisition of Bedouin, Inc., a company that he founded. Kerpan was also the vice president and general manager of the Developer Services Platform group at Borland, where he was instrumental in leading the Borland acquisition of StarBase in 2003.

Before founding Bedouin, Inc., Kerpan was a managing director responsible for derivatives technology at multiple global investment banks.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@MicroservicesExpo Stories
DevOps tends to focus on the relationship between Dev and Ops, putting an emphasis on the ops and application infrastructure. But that’s changing with microservices architectures. In her session at DevOps Summit, Lori MacVittie, Evangelist for F5 Networks, will focus on how microservices are changing the underlying architectures needed to scale, secure and deliver applications based on highly distributed (micro) services and why that means an expansion into “the network” for DevOps.
In his session at 19th Cloud Expo, Claude Remillard, Principal Program Manager in Developer Division at Microsoft, contrasted how his team used config as code and immutable patterns for continuous delivery of microservices and apps to the cloud. He showed how the immutable patterns helps developers do away with most of the complexity of config as code-enabling scenarios such as rollback, zero downtime upgrades with far greater simplicity. He also demoed building immutable pipelines in the cloud ...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addres...
Hardware virtualization and cloud computing allowed us to increase resource utilization and increase our flexibility to respond to business demand. Docker Containers are the next quantum leap - Are they?! Databases always represented an additional set of challenges unique to running workloads requiring a maximum of I/O, network, CPU resources combined with data locality.
True Story. Over the past few years, Fannie Mae transformed the way in which they delivered software. Deploys increased from 1,200/month to 15,000/month. At the same time, productivity increased by 28% while reducing costs by 30%. But, how did they do it? During the All Day DevOps conference, over 13,500 practitioners from around the world to learn from their peers in the industry. Barry Snyder, Senior Manager of DevOps at Fannie Mae, was one of 57 practitioners who shared his real world journe...
Containers have changed the mind of IT in DevOps. They enable developers to work with dev, test, stage and production environments identically. Containers provide the right abstraction for microservices and many cloud platforms have integrated them into deployment pipelines. DevOps and containers together help companies achieve their business goals faster and more effectively. In his session at DevOps Summit, Ruslan Synytsky, CEO and Co-founder of Jelastic, reviewed the current landscape of Dev...
When building DevOps or continuous delivery practices you can learn a great deal from others. What choices did they make, what practices did they put in place, and how did they connect the dots? At Sonatype, we pulled together a set of 21 reference architectures for folks building continuous delivery and DevOps practices using Docker. Why? After 3,000 DevOps professionals attended our webinar on "Continuous Integration using Docker" discussing just one reference architecture example, we recogn...
2016 has been an amazing year for Docker and the container industry. We had 3 major releases of Docker engine this year , and tremendous increase in usage. The community has been following along and contributing amazing Docker resources to help you learn and get hands-on experience. Here’s some of the top read and viewed content for the year. Of course releases are always really popular, particularly when they fit requests we had from the community.
In their general session at 16th Cloud Expo, Michael Piccininni, Global Account Manager - Cloud SP at EMC Corporation, and Mike Dietze, Regional Director at Windstream Hosted Solutions, reviewed next generation cloud services, including the Windstream-EMC Tier Storage solutions, and discussed how to increase efficiencies, improve service delivery and enhance corporate cloud solution development. Michael Piccininni is Global Account Manager – Cloud SP at EMC Corporation. He has been engaged in t...
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
All organizations that did not originate this moment have a pre-existing culture as well as legacy technology and processes that can be more or less amenable to DevOps implementation. That organizational culture is influenced by the personalities and management styles of Executive Management, the wider culture in which the organization is situated, and the personalities of key team members at all levels of the organization. This culture and entrenched interests usually throw a wrench in the work...
In his General Session at DevOps Summit, Asaf Yigal, Co-Founder & VP of Product at Logz.io, will explore the value of Kibana 4 for log analysis and will give a real live, hands-on tutorial on how to set up Kibana 4 and get the most out of Apache log files. He will examine three use cases: IT operations, business intelligence, and security and compliance. This is a hands-on session that will require participants to bring their own laptops, and we will provide the rest.
In his General Session at 16th Cloud Expo, David Shacochis, host of The Hybrid IT Files podcast and Vice President at CenturyLink, investigated three key trends of the “gigabit economy" though the story of a Fortune 500 communications company in transformation. Narrating how multi-modal hybrid IT, service automation, and agile delivery all intersect, he will cover the role of storytelling and empathy in achieving strategic alignment between the enterprise and its information technology.
"We're bringing out a new application monitoring system to the DevOps space. It manages large enterprise applications that are distributed throughout a node in many enterprises and we manage them as one collective," explained Kevin Barnes, President of eCube Systems, in this SYS-CON.tv interview at DevOps at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Buzzword alert: Microservices and IoT at a DevOps conference? What could possibly go wrong? In this Power Panel at DevOps Summit, moderated by Jason Bloomberg, the leading expert on architecting agility for the enterprise and president of Intellyx, panelists peeled away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud enviro...
The evolution of JavaScript and HTML 5 to support a genuine component based framework (Web Components) with the necessary tools to deliver something close to a native experience including genuine realtime networking (UDP using WebRTC). HTML5 is evolving to offer built in templating support, the ability to watch objects (which will speed up Angular) and Web Components (which offer Angular Directives). The native level support will offer a massive performance boost to frameworks having to fake all...
@DevOpsSummit at Cloud taking place June 6-8, 2017, at Javits Center, New York City, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long developm...
As the race for the presidency heats up, IT leaders would do well to recall the famous catchphrase from Bill Clinton’s successful 1992 campaign against George H. W. Bush: “It’s the economy, stupid.” That catchphrase is important, because IT economics are important. Especially when it comes to cloud. Application performance management (APM) for the cloud may turn out to be as much about those economics as it is about customer experience.
When you focus on a journey from up-close, you look at your own technical and cultural history and how you changed it for the benefit of the customer. This was our starting point: too many integration issues, 13 SWP days and very long cycles. It was evident that in this fast-paced industry we could no longer afford this reality. We needed something that would take us beyond reducing the development lifecycles, CI and Agile methodologies. We made a fundamental difference, even changed our culture...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...