We have all heard of cloud computing and we all know what it does. It’s undeniable, the cloud has revolutionised IT and will ultimately replace a significant portion of today’s IT services. Yes, it’s here to stay.
With such a saturated and competitive market, vendors are offering an array of cloud models and services, which are relatively easy to acquire. Whether it is public, private or hybrid, enterprises’ choices in the cloud are endless.
Nowadays, they can even choose to adopt a private or hosted cloud today and a public cloud model tomorrow. Gone are the days when different “clouds” couldn’t be combined. While this may provide enterprises with more flexibility and the freedom of choice, it can also hinder their governance, control and oversight of their IT infrastructure.
Take NASA for example. NASA recently released a report, auditing its progress of cloud adoption between June 2012 and June 2013. Ultimately, the organisation wanted to take advantage of the flexibility provided by the public cloud, but had no way of controlling employee usage. It found weaknesses in its IT governance and risk management practices, which had impeded the agency from fully realising the benefits of cloud computing and put its systems and data stored in the cloud at risk.
A lot of resources were being consumed without official policy or governance. One environment in a public cloud wasn’t under any corporate policy for 2 years, which obviously posed moderate security concern. Moreover, on five separate occasions cloud services were acquired using contracts, which had failed to fully address the business and IT security risks, unique to the cloud environment.
The infamous space agency claimed that this was all down to a lack of oversight authority and security measures, which weren’t implemented to ensure the cloud provider met its IT security requirements. Time and time again, we deal with enterprises like this that deploy public environments without implementing the right security controls for access and usage.
Equally, we also find a number of enterprises test and deploy a development environment into the likes of Amazon, but its only after they’ve built it that they realise how difficult it is to manage, when they bring it back into the organisation. They are therefore left with managing their internal infrastructure separately to their external infrastructure, which is by no means efficient in the long run.
The light at the end of the tunnel
The cloud is designed to bring agility, flexibility and efficiency to a business. But too often services are acquired and cloud models are deployed without the right controls, measures and authorisation, which ultimately leave enterprises vulnerable and at risk. In order for a business to capitalise on cloud services and reap its benefits, policies, controls and processes around the access and consumption of resources must be enforced and in place.
There is a light at the end of the tunnel. Managing and controlling multiple clouds or the rogue use of the cloud need not be a daunting task. With the right cloud management platform, seamless integration can be automated, your control and processes can be unified and consolidated, and you can maintain governance and oversight of your IT. It’s not rocket science; it can be done.