By George Rigby
Enterprises are rapidly moving to a cloud-first strategy, one that will deliver operational and security improvements across their entire IT estate. That said, a majority of enterprises haven’t moved entirely to a cloud-first approach and will likely take several years to fully get there.
Enterprises must first recognize how fundamentally different a true cloud-first approach is, compared with the traditional install, feed, maintain and refresh approach that has dictated IT infrastructure procedures for decades. Organizations must approach cloud-first transformation from an application down perspective.
The nature of a cloud-first strategy allows for continuous modernization and innovation, which in turn improves the end-user experience and reduces cost. To achieve the best results, extensive automation should be integrated seamlessly into the enterprise environment. One of the biggest areas for malware and security risk to exist is in legacy apps, especially older homegrown apps without proper documentation. In a cloud-first environment, those apps can either be modernized and replaced in the cloud or, in those instances where modernization is not practical, those apps can still be re-platformed within a flexible and secure private cloud provision.
Another big area for security problems is operational management, such as patching, configuring and tuning the platform. Because of the reality of Hybrid IT complexity within the typical enterprise, as well as staff shortages, day-to-day operational duties can be difficult to maintain which can lead to vulnerabilities and poor end-user experience.
Security by design
A proper cloud-first deployment truly allows for security by design, instead of the typical enterprise approach today, where security has evolved as an afterthought. Cloud-first removes silos and facilitates embedded security throughout the entire stack. For example, the concept of traditional maintenance activities, such as patch management, disappear when adopting a cloud native approach, where the Managed Service Provider (MSP) is providing managed platform services. Maintenance is replaced by deployment using robust automation, supported by continuous integration & deployment (CI/CD) practices using infrastructure as code.
A managed cloud service, specifically created with today’s hybrid or multi-cloud environment in mind, can accelerate the enterprise on a cloud-first journey. There are some critical differences between today’s managed cloud services and how it was handled just a few years ago.
In today’s cloud-first approach, a modern Managed Service Provider maintains a laser-focus on continuous modernization and innovation of infrastructure and application platforms to help clients quickly achieve business goals and stay ahead. As more applications, data and device-control move to the cloud and an enterprise’s cloud-percent soars, cybersecurity controls increase by default, given the nature of how modern clouds function.
In one sense, the gradual migration of data and assets to the cloud (one that was greatly accelerated with the COVID shutdowns) allows for a much more controlled and protected threat landscape. The bulk of security risks happen in neglected/abandoned/orphaned apps and data, given that the current IT team doesn’t know they are there. This often happens during acquisitions and data-consolidation (which itself is often found in remote sites data-sharing), when old operating systems and apps stay in the systems but are not properly monitored or managed.
Don’t make it easy for assets to hide
On-prem deployments offer lots of places for assets to hide within a large enterprise. But as those assets are brought into a modern cloud environment, they are more easily discovered, made visible and enforced with automated IT and business policies.
“During COVID, businesses accelerated their cloud strategies to gain greater flexibility and agility in digital operations. However, they quickly discovered that the complexity of hybrid and multi-cloud environments outpaced their own resources. As a result, they turned to third-party expert managed services providers for help with designing, implementing, and managing their hybrid cloud environments,” noted analyst firm Frost & Sullivan in their 2021 Global Managed Cloud Services Market Report. Organizations are increasingly relying on a hybrid/multi-cloud environment to meet their disparate compute and storage needs. But they are daunted by the complexity involved in integrating, securing, and managing workloads across vendors and locations. Managed cloud services providers that can simplify ongoing management, and deliver business results, are well-poised for success.
NTT Ltd.’s Managed Services Report found that 41.7 percent of organizations who have at least three-quarters of their IT currently managed by third parties have pivoted technology focus to take advantage of the market opportunity or ability to scale. This compares to those who have little to none of their IT managed by third parties, where only 25.7 percent have pivoted technology focus.
Another key factor to modern cloud success is pushing automation as far as is practical. Automation at all levels helps to drive self-service and standardization, via the successful adoption of DevOps practice. This is critical to achieving rapid, robust, and agile business-led transformations. Automation reroutes mundane repetitive tasks away from IT and Security talent, allowing them to focus on more critical tasks. At the same time, automation is markedly faster, more accurate and much more scalable than using scarce personnel. It also improves control and traceability of change helping achieve greater levels of compliance. The Managed Services division of NTT leads the way in managed cloud services, mission-critical application hosting, and comprehensive governance and compliance capabilities. To learn more about our Managed Service approach, contact a representative today.