By Ashwin Krishnan
‘Cloud’ is all the rage – and for the right reasons.
More practically, for enterprises that have been around for 5+ years, this rage is chastened by the need to balance the investment, learnings and governance put in place for their on-premises environments against their cloud investments – not to mention the unlearning and relearning that goes along with the cloud journey, as well as the modified – as appropriate – governance model! That is a mouthful, and it is meant to be – there is no easy way out.
But let’s dig a little deeper into multi-cloud for a second. Starting with the definition – if an enterprise is in more than one public cloud, that is multi-cloud. And lots of organizations are already there – whether they know it or even like it! For instance, if you are using Microsoft Office 365 and Google Docs – #Boom – you are in multi-cloud already! And to boot, as I mentioned earlier, if you still have on-premises compute and storage along with more than one public cloud – you are hybrid with multi-cloud. I am not trying to be over-dramatic here, but most organisations have never even looked at what the SLAs say and, more importantly, what the impact of a breach could do to them. And this is different for each cloud.
For instance, AWS has famously published a ‘Shared Responsibility Model’ where they articulate clearly what AWS is responsible for versus what the customer is responsible for. But this is only applicable to AWS. IBM Bluemix, on the other hand, has a different model. And if an organisation isn’t at least aware of this difference (hats off if they have run a doomsday breach model against each of these!), they are doing themselves and their customers a huge disservice.
But there is one enduring substrate that is common across these disparate public clouds – and their on-premises brethren as well – and that is the ‘data’. This data could be your intellectual property, your customer data, legal records – it does not matter. What matters is that this data is secured regardless of which cloud you use and what variances of the ‘shared responsibility model’ exist between these clouds, and that there is an easy-to-comprehend ‘doomsday scenario planning and recovery’ that is consistent.
Well, maybe that is too good to be true and I am just toying with you – no such model exists? Wrong – it exists and it is what made us #WannaCry recently – encryption. By identifying data – regardless of whichever cloud it may be resident in – and encrypting it beforehand, enterprises have already taken a huge leap forward in protecting themselves (and their customers). So, if it is that obvious, why isn’t every enterprise rushing towards encryption at the same pace as they are rushing towards multi-cloud? The answer is ‘It’s complex’. While the process of encryption itself has come on in leaps and bounds in terms of efficiency (there was a significant tax it would impose in the past on compute and memory; nowadays that has improved dramatically), the questions of where to encrypt, where to manage the keys and, most importantly, WHO has access to these keys need to be asked and answered! And this is true of multi-cloud and hybrid multi-clouds.
We will look at the options that exist in the next installment of this series. Stay tuned!
-Ashwin Krishnan is Senior Vice President of Product Management, Strategy, Technical Marketing at HyTrust