Organisations have many choices in terms of how they want to design their hybrid IT architecture, there are many combinations available depending on the needs and the legacy systems of the organisations.
This includes a multi-cloud environment to help IT teams to run each workload where it performs best. Multicloud appeals to cloud-savvy organizations as they recognise that by placing workloads across multiple cloud environments, they can optimise spend and minimize financial risk through increased ROI.
It can deliver tailored cloud services that meet specific business needs on a case-by-case basis. Exploring this model creates incredible flexibility but has the potential to inject greater networking and security complexity.
In a dialogue with FutureCIO, Sandeep Bhargava, managing director of Asia Pacific Japan (APJ) with Rackspace Technology shared his thoughts on how to secure hybrid IT environments.
Embedding security in hybrid IT
Sandeep Bhargava: We have seen security gain importance in the last 20 years as the multitude of technology choices have mushroomed. In the last 12 months, we were all part of a large experiment where we worked from home and had access to applications that were never intended to be accessed outside the office from a security and architectural perspective. This means that CIOs and IT teams must examine application infrastructure to ensure the security of information and data at every step.
We see that security is becoming more important to CIOs. Companies are beginning to realise information that was only accessible from the office can now be accessed remotely. CIOs understand that they need to embed security in each step.
Linking people, technology and process to security
Sandeep Bhargava: As employees move to work from home, they become more vulnerable to all kinds of attacks. Employees need to be made much more aware of their responsibilities when it comes to how they access their company's data, as they previously don't have to consider security breaches while working at the office. This is especially so for industries such as banks and public sector organisations whereby organisations do not allow people to work from home.
The second part is technology. Businesses have to be aware of the difficulty in getting access to data centres while ensuring that most if not all applications can be accessed remotely.
As businesses are seriously considering the challenges surrounding infrastructure redesign, we have seen a move towards the usage of the public cloud for easier application access and management. With this increase in applications and technologies across multiple clouds, businesses have to achieve a better understanding of how data is shared between different clouds and to architect security in each aspect.
The third factor is process. Companies have to consider things holistically, manage and support technology in a cost-effective manner, and secure application infrastructure across multiple cloud platforms.
We've seen companies start thinking about this as a result of Covid-19. It is still a trial-and-error process.
Securing when remote working
Sandeep Bhargava: In 2020, CIOs, CISOs and finance leaders have been figuring out the importance of technology to keep businesses running. People realised that technology was the only thing that kept businesses going with applications such as Zoom or Teams.
As technology has enabled flexible working, businesses need to make sure that applications are accessible from anywhere. CIOs are realising that the only way for them to get a cost- and service-optimal experience is to be cloud-native in their adoption of cloud.
Next, businesses must consider security at every checkpoint. They have to understand how to deploy the tools and technologies that can give them better security posture across multiple platforms.
As many economies are contracting, businesses experience tremendous pressure to save every dollar they spend. Even as businesses realise the benefits of a proper security approach and cloud adoption, we are seeing a low level of adoption rate due to limited budgets.
Why you need an in-house security head
Sandeep Bhargava: There is a consensus that companies need to have in-house security experts that have the right knowledge of how technology helps with security and how organisations are evolving. With a strong foundation and the right frameworks in place, organisations can then safely and securely outsource their processes.
Organisations should take ownership and accountability in-house, especially in highly regulated industries. In such cases, it would be unwise of them to outsource all security operations to MSPs and just expect to be alerted.
Additionally, organisations need to be aware that their security posture is affected every time a new cloud platform is onboarded onto their network. If organisations do not effectively manage their outsourced providers, they will have to bear the brunt of all potential risks.
There is also the issue of shadow IT, which is the use of IT systems, devices, software, applications and services without explicit approval from an organisation's IT department. With introduced risks that IT departments may or may not be aware of, organisations need to have sufficient in-house skills to resolve such a situation.
Why having a single MSP makes sense
Sandeep Bhargava: Organisations should opt for an MSP that will allow them to scale across different cloud technologies and possess updated knowledge of cloud security.
Providers such as Amazon, Microsoft, and Google continue to invest in their platforms, meaning that they will continue to build more security features that will require organisations to buy other devices or software to maintain functionality. With an evolving platform, purchased devices and software will interact differently in two years than it does in the present.
Organisations that use cloud-native functionalities may benefit as these can now perform the same function.
Tips when selecting an MSP
Sandeep Bhargava: First, organisations will have to identify their security goals and have that vetted by someone who has an intimate understanding of their security posture.
Next, organisations should look for a flexible, innovative provider that invests across multiple platforms. Organisations should look for providers that do not commit to a fixed scope nor limit them to contracts.
Finally, organisations need to figure out which partners are the most suitable for their specific needs.
Organisations also need providers with different skill sets, different levels of flexibility, and price points. From that point onwards, they just have to figure out which partners are appropriate.
Click on the PodChat player above and listen to Bhargava describe the options available for enterprises looking to further improve the security posture of their hybrid IT infrastructure.
- There is a report by NTT on interest around hybrid cloud IT - #1 is operations and #2 is security. What should be the approach organisations take when it comes to adopting a hybrid IT architecture across the private cloud, multi-cloud and single cloud?
- What are the factors involved – cost, security levels, diversification of risk?
- What are the security challenge and benefits of each option?
- What are some tips for organisations to secure and future proof their IT architecture?
- How can Managed Service Providers (MSP) help companies to design the most ideal architecture based on their unique needs?
