Complexity tends to make everything harder, riskier, and more expensive. Think of a car engine: The more interconnected parts it has, the more avenues there are for engine failure, the more safeguards it needs to keep running, and the more likely it is to need service.

The cloud is no different. Whether public, private, or hybrid, the mass migration of workloads to the cloud, while potentially starting to slow down from its breakneck pace, has introduced new levels of complexity to application deployment and data protection. And, like almost everything else in the tech world, cloud architectures themselves are rapidly becoming more complex. 

In part 1 of our three-part cloud data security blog series, we discussed the issue of visibility. Read on to learn how complexity plays a role. 

The Multi-cloud Conundrum

This increasing cloud environment complexity is primarily coming from the adoption and use of hybrid and multi-cloud environments. 

Per IDC:

  • 83% of workloads are virtualized today
  • 60% of large enterprises run VMs in the public cloud 
  • 65% of organizations have a hybrid cloud strategy 

While multi-cloud architectures increase scalability and help with continuity of services, they also increase complexity and risk, not to mention costs. Heterogeneity in security systems is not necessarily a good thing, and maintaining security systems that span a multi-cloud environment is very hard to do.

Using multiple cloud platforms increases attack surfaces and diffuses security management across different teams and tools, which, in turn, decreases visibility and increases risk. 

What You Can Do to Reduce Complexity for Cloud Security

1. Proactively Plan Your Migration

Enterprises are generally moving to the cloud in small projects and small sprints—i.e., via 20 different projects with 20 different teams with 20 different biases and 20 different types of applications with 20 different types of data. 

That’s quite a bit of complexity to deal with. 

On top of that, cloud workload migration projects are typically very siloed, so they lack common servers, security, governance, monitoring, and management. And when these systems are deployed, the keys are typically passed off to CloudOps teams that can’t handle the complexity. 

The key is to communicate early and often around your cloud migration plan. Develop an overarching plan for what's going to happen, and make sure your teams have the ability to both set up and deal with common services, security layers, governance layers, monitoring and management layers, and data layers.

2. Break Complexity into Subdomains

This is also known as “abstraction,” or reducing complexity by taking something apart and distributing the pieces of the puzzle to the best possible owner(s) so that unnecessary or extraneous data is removed. Then, those specific teams can focus on what’s most important for their task at hand. 

In the cloud world, there are three primary subdomains:

  • Data 
  • Application service
  • Security

Within each of these domains, you should look at the data you’re managing to get to a single set of data or source of truth related to a particular set of business applications and what’s happening with them, and group these applications accordingly. 

Then, you have to create the actual physical architecture, which means applying middleware, virtualization, and metadata management solutions to abstract your teams away from the complexity of the data. You're not simplifying the actual database but abstracting it into something that's more workable, like a dashboard that gives every team a holistic view of what's going on with their cloud workloads.

Your company should do the same thing for all subdomains using the same approach, although each subdomain will likely require different tools and technologies for reducing complexity. 

3. Simplify Your Operations via Common Security Layers

Finally, you can reduce the complexity of your cloud data security by simplifying your management strategy via the use of common security layers.

When it comes to the relation between cloud complexity and security, the real threat is the number of tools and resources you need to use to lower risk to an acceptable level. In many cases, this number is beyond what enterprises can afford. Most companies can only increase SecOps resources so much before breaking the bank. 

It’s also imperative, from a risk management perspective, to understand what code or other elements developers and other service providers may be including that could have an impact on your environment (think Log4j). Having a good configuration management database or other app registry is imperative so that you know what you have and where it lives. Remember: you can’t defend what you can’t see.

The best way to simplify everything is to use common security layers such as Splunk—i.e., technologies that work across cloud brands and cloud services within those brands. Other tools in the marketplace that can help you simplify operations include cloud management platforms, cloud service brokers, multi-platform monitoring, and multi-platform management solutions. 

Also—now’s the time to hire the talent you need in the organization to make sure you’re doing proper advanced planning. Cloud migration usually falls under the umbrella of digital transformation—more strategic than tactical. This often means investing in an area that may not provide an immediate return. 

Splunk is a Pure Storage® partner. Together, Splunk and Pure provide faster time to answers, simpler infrastructure to manage, and a future-proofed architecture. Pure enables Splunk Classic and SmartStore to deliver results up to ten times faster, requires zero storage experience to operate, and seamlessly scales from tens of gigabytes to tens of petabytes.

And to help standardize and simplify your cloud migration, consider container-based cloud services such as Portworx, a comprehensive Kubernetes data services platform, and Cloud Block Storage, which enables seamless migration between cloud environments, both public and private, without having to refactor applications and also allows you to deliver all the capabilities and features of a Pure Storage Flash Array in AWS or Azure.
