Sergey Nivens - Fotolia
In the past few years, there has been an explosion of cloud service offerings to match the wide variety of industry cloud infrastructure needs. Today, the average enterprise uses external clouds to deliver more than 60% of its workloads. Plus, most organizations operate multi-cloud environments -- using two or more providers -- which presents a host of security challenges.
To securely operate a multi-cloud environment, IT must prioritize security concerns in its workload placement process. This includes having a formalized process to decide which cloud a given workload should be placed in -- whether that be internal or external, IaaS, PaaS or SaaS. According to Nemertes Research, organizations that implement a multi-cloud placement process are 42% more successful in their cloud operations than those without.
With security in mind -- in addition to factors such as cost, workload affinities and architectural suitability -- every workload placement process must thoroughly evaluate information and operational risk and specific security requirements. Here's how.
Workload placement should account for information risk
With the assistance of the risk management team, IT and security programs must meticulously consider how much weight to place on the security of the data a workload will handle. This requires an understanding of the organization's entire risk profile -- a challenging task.
Many organizations that conduct risk profiles try to calculate estimates of monetary values as well. Sometimes, a floor can be put under the level of risk, based on hypothetical fines and damages the company would pay in the event of exposure. Costs beyond that may include stock value loss, lost funding due to investor reluctance and decreased revenue due to loss of customers.
Consider operational risk in multi-cloud workload placement
In its efforts to secure workload placement, IT should consider the potential financial effects of loss of operational integrity. This requires cooperation with business leadership. Consider what would happen if a workload's performance were to deteriorate or if a workload became unavailable. These cases could bring harm to the business, and that should be accounted for when deciding workload placement. For example, the business may experience lost revenue and customers or incur costs due to spoilage or the inability to complete a supplies purchase at a given price point.
In considering workload placement, IT must consider all the operational logistics. For any workload placement process to be successful, account for security, availability and reliability in different clouds. Also, understand how certain security features of a given environment will affect cost.
Accommodate compliance in multi-cloud workload placement
Beyond risk in its various guises, IT must also consider specific security requirements of the workload. In order to be compliant, some workloads may require a certain level of encryption, for example. In other cases, workloads may need to encrypt data both in motion and at rest or use encryption for which IT holds the keys outside the cloud. In still other cases, a workload may need to operate entirely within specific geographic boundaries for compliance reasons.
Too often, compliance factors are considered only after a multi-cloud workload placement decision has already been made. This may call for the placement decision to be reversed or reconsidered. This is complicated by the fact that some environments may not be able to accommodate certain requirements. For example, the company's sanctioned IaaS environments may be unable to meet a need for restricting network traffic flows to specific geographies. There may be cases where it becomes necessary to layer on a third-party service or product to address a gap in security services within an environment. These purchases can bring added cost and complexity and, therefore, additional risk.