As a system administrator during the early days of the “cloud revolution” I found the “cloud” metaphor an interesting choice to frame the technology stack.

Clouds, in my mind, were “woolly” and hard to pin down as opposed to the omnipresent, always-available things that IT marketers were suggesting cloud services would be. But whilst I wasn’t a fan of the metaphor, I could easily see the benefits of cloud-hosted services as more and more businesses started to adopt both public and private cloud solutions.

The debate of public versus private cloud doesn’t get nearly as much press as it once did, with the cost of public cloud aggressively nipping at the heels of private cloud hosting services and vendors rushing to add more and more features to their cloud offerings. This is especially true in the security field, with public cloud suppliers looking to try and further differentiate themselves from private cloud networks which have traditionally offered the greatest level of flexibility and thus potential for tightest security. (This presumes, of course, that you were prepared to build out that security stack yourself!)

In my mind, private cloud remains a powerful way of keeping security controls internal – a key element when security is a priority. When you need to add a new security function to your private cloud, the main challenge in most cases is how quickly you can deploy the toolset. This, in turn, ensures that you can increase your security coverage quickly and easily. But there are costs to this – by keeping your infrastructure in your own private cloud, it is on you to maintain the state of your security “garden,” and you need to make sure you’re pruning the weeds and ensuring ample coverage all year round.

Public cloud, on the other hand, allows you to potentially outsource your security objectives and may make security “not your problem.” Those of you used to assessing risk will probably hear some alarm bells ringing at that concept, but problems unseen are harder to manage that those you have direct control over. If your vendor’s security history is patchy or untested, this is particularly worrying.

There are some additional nuances to consider relating to public cloud that may be missed in relation to security. A centrally hosted management service means that access is potentially available anywhere, which makes taking additional precautions (such as multi-factor authentication for logins) all the more important. (Although it may be distributed, most big cloud providers will provide a single URL for administrator access.) Also consider that all your management control instructions will travel across the public internet. Of course, that is almost certainly happening over SSL, but a plethora of man-in-the-middle attacks over recent years have shown that even with HTTPS, there’s a risk (particular on networks outside of your control) for people to intercept or manipulate traffic that is harder to detect. – Read more

A cloud migration is easier than you might think, assuming that you gain a good understanding of your own apps and services and what each cloud provider offers.

It’s really not that hard! That said, this would be a very short blog if that was the only answer. Honestly, it does depend on a few things. I had the chance to work on several projects where cloud-to-cloud migrations and working with multiple cloud providers was the requirement. Before we go on, it’s important to note that the market is very much open to cloud migrations and working with multi-cloud ecosystems.

Consider this, 81% of public cloud users reported using two or more providers, according to a recent Gartner survey. Also according to Gartner, the top five Infrastructure-as-a-Service (IaaS) providers accounted for 77% of that global IaaS market.

“Most organizations adopt a multi-cloud strategy out of a desire to avoid vendor lock-in or to take advantage of best-of-breed solutions,” Gartner VP analyst Michael Warrilow says in a recent Smarter with Gartner post. “We expect that most large organizations will continue to willfully pursue this approach.”

State of the cloud market

The good news is that the vast majority of those working with cloud have a very good definition of what it does and where it works for their company. Basically, we don’t need to explain that cloud is just another data center, somewhere.

However, with that broad definition come some challenges around emerging complexities in working with and designing around cloud. Specifically, people may understand cloud in general, but they get stuck on certain cloud services and where they should be applied. My experience has taken me across all of the major cloud providers and I’ve seen where each can apply some extraordinary benefits.

For example, Oracle Gen2 Cloud is arguably one of the best out there for bare metal applications. Similarly, Google Cloud Platform (GCP) is amazing in how it applies data-driven solutions for things like sentiment analysis, machine learning, and cognitive systems. Or, some love to leverage Azure for its deep integration with things like Power BI and other core Microsoft systems. The point is, each cloud can have its own benefits and you don’t have to be stuck on just one cloud vendor.

“But it’s easier to manage just one cloud, right?” Yes and no. Just because it might be slightly easier to manage a single cloud environment doesn’t mean you’re actually doing yourself any favors. In fact, you might be sacrificing quite a bit of a competitive advantage in using a single cloud over a mixture of multi-cloud services. – Read more

During the past decade, digital transformation has enabled enterprises to move from legacy systems to virtual systems.

This leads to the reduction of physical systems, as multiple virtual machines can run on a single system. In this process of evolution, containers were developed and utilized to lessen the weight of application development, as they contain only application-relevant data centers/libraries and fit easily into any infrastructure. Containers influence major technical areas and play a key role in DevOps, cloud, etc. This role continues to grow, paving a faster path to quality applications.

When an organization migrates to a new infrastructure, it requires addition of new features, components and resources that make the process cumbersome and critical to manage. This is why we need to strategize and formulate the best approach for cloud migration.

The lift and shift migration, also known as rehosting, deals with lifting an entire application from its old environment and shifting it to cloud without any change in code. This is a simple approach that requires minimal effort to move an application and helps in faster migration and deployment. But this may cost more while operating on cloud and doesn’t take advantage of the native features of a cloud platform.

Apart from this lift and shift migration, we can migrate by leveraging containers. Containers are not a new concept and have been around for several years now. It is all about compartmentalizing the systems and shifting them from one platform to the other.

Benefits of Leveraging Containers for Cloud Migration

Reduced complexities: Employing containers removes dependencies on cloud service providers and decreases the complexities of handling the platforms. They are like customized compact domains that support every chunk of the application with an independent environment to run.

Maximized portability: Due to dependencies, guaranteeing portability in a manual process is difficult. However, using automation migration or reconfiguration between containers helps to increase the magnitude of portability. This enables the application to run when migrated from one platform to another without compromising the quality.

Better distribution: Containers are capable of running on multiple cloud platforms based on their utilization. Organizations broke applications into different components to run on different cloud platforms. Later, they brought these components together for better optimization.

Improved Efficiency: Due to this optimization and distribution fashion, applications become more scalable and independent of environments. For instance, if there is a sudden demand for an application, we can provision extra containers with zero modification.

Enhanced security: Containers not only help in migration but also serve as a road map to IT modernization by updating and modifying applications, adhering to the changing trends. This results in improving cloud security and governance services. – Read more

Government organisations are exploring cloud-first approaches to their customer service computing needs.

To make the transition successfully, they need to overcome some challenges specific to the public sector  — and cloud service providers need to understand them.

Chris Fryer, Enterprise Architect, NEC Australia, offers several key insights about the particular challenges for government executives looking to utilise cloud computing.

According to Fryer, one of the most obvious differences is that government executives need to plan for solutions that work within government procurement rules. Compliance, by its nature, is not optional. However it is also important to understand what is obligatory versus what is desirable for government within the rule.

Likewise, he says, it is important to understand the client environment and how it applies to cloud products and services. There are big differences between government and corporate entities. It’s important to look at what secure, certified, accredited government gateways there are, and to provide access as a service.

Finally, Fryer questions whether the decision to move to the cloud is policy-driven or financial.

Technology is less important, he says. “The strategy could be to introduce DevOps into the environment or it could be purely financially driven. This is a potential catalyst for discussion, but not the main issue.”

Business Drivers

Often, the key business drivers are different for government organisations as opposed to those of the private sector. The most obvious is that revenue growth is rarely a factor.

Instead, public sector organisations are often focussed on reducing the delivery risks associated with contact centre services — such as security vulnerabilities, poor software performance and service reliability.

Of course they all want to reduce operational costs such as setup, maintenance, and upgrades associated with operating contact centres.

“We have seen shifts in both federal and state governments in the last three to four years,” NICE Systems Managing Director ANZ, Gerry Tucker, says. “There’s a much more straightforward acceptance, willingness and in some cases preference for cloud, primarily because they’re trying to reduce the cost to serve.”

Where government enterprises share a priority with private sector organisations is in their desire to reduce time to value. On this point, cloud solutions offer the potential for ease of innovation and continuous improvement.

Cloud solutions also give contact centre customers the ability to scale up operations in high-traffic periods, or down again, in a more cost-effective way.

“What has happened in the past was that if you needed greater capacity, you had to invest in new infrastructure,” NEC Account Director for the Australian Taxation Office (ATO), Donald Craven, says. “Once you bought that capacity, you couldn’t simply sell it again. It was easy to ramp up capacity, but not easy to bring it down again. The Cloud gives you the capacity to ramp up and down.”

Benefits

For governments, there are three basic benefits to migrating contact centres to the cloud: improved customer experience; managing risk and data sovereignty; and managing costs.

Elements such as omnichannel offer governments a new and improved way to interact with clients.

“A contact centre is all about client interaction,” NEC’s Craven says, “and this is so important for key government agencies dealing with significant numbers of people. It’s all about citizenship and citizen interaction, and improving their reputation.”

In terms of managing risk, there are elements unique to government that must be managed along the way. The government sets stringent mandatory requirements for cybersecurity, which are making their way into the cloud. For example, data cannot be stored outside of Australia.

“We have product-as-a-service but the product that governments need is Security-as-a-Service. This is an emerging market for government,” says NEC Enterprise Architect Chris Fryer. – Read more

The need for digital transformation has changed the mentality of decision makers who are now eager to benefit from the many advantages cloud services can bring to overall business operations.

However, this cloud-first mindset has surfaced security concerns as 83% of workloads are expected to be in the cloud by 2020 and new cloud services appear daily.

Companies should be reminded to “look before they leap” when it comes to taking on digital transformations with cloud at the heart, or else risk being exposed to security issues. The most reoccurring problem of which involves the ownership and responsibility over security. Someone always seems to pass the buck, resulting in unprotected cloud systems.

Despite there not being a physical presence for cloud systems, networks and applications within a company, it does not mean that the mantra ‘out of sight, out mind’ should be adopted. Security and risk mitigation are both critical components that cannot be neglected and should be assigned and managed accordingly, whether that’s by the cloud service provider or the organisation itself.

Typically, the cloud provider manages the service they provide, whether it is the foundational infrastructure from which to build a network, or the software to consume. How the environment is set up and monitored, what is stored and how the data is protected is left up to the organisation. Yet, the most important aspect is how risk is managed and providing that cloud security is aligned with the overall security framework of that particular organisation.

Data protection in the cloud

Data privacy has been brought to light in recent years and leading the way for a better data-protected world is the European General Data Protection Regulation. Similar policies have sprouted up in some states in the USA with Arizona, Colorado and California, meaning organisations operating on both sides of the Atlantic are being faced with increased requirements to protect data across all areas of business.

Gone are the days of implementing a Data Loss Prevention (DLP) solution in a data centre because it has now become too fragmented. With the cloud, there are now services, systems and infrastructure that are no longer owned by the organisation, yet still require full visibility and control.

Challenges also arise when managing cloud services that share or exchange information. For example, who owns the Service Level Agreements (SLAs)? Is there a single pane of glass that monitors everything?

DevOps has forced corporations to go as far as implementing micro-segmentation and adjusting processes around firewall rule change management. Additionally, serverless computing has provided organisations with a means by which they can cut costs and speed productivity by allowing developers to run code without having to worry about platforms and infrastructure.

However, if security is not handled across these virtual infrastructures, then issues can quickly manifest, leading to data leaks across multiple environments. – Read more

Why businesses are turning to the cloud for media management

If dodgy data activity is rattling your confidence in migrating your business to the cloud, you’re not alone.

Data breaches are now headlining newsfeeds on a regular basis. The sheer volume of the world’s daily data collection is also spiking security concerns, making the business of protecting it all the more complex.

As a custom software development and cloud enablement company, BBD understands that an organisation’s cloud solution will always be a moving target. No one is immune to the vulnerabilities involved in storing data in the cloud.

Often an afterthought

“This is something that needs to be set up correctly from the very beginning and continuously monitored,” says Clayton York, a certified AWS Advanced Networking Specialist, cloud engineer and part of the managed cloud services team at BBD.

“It is advisable to adhere to the five key pillars at the start of any cloud migration plan, one of which involves security measures.”

The other pillars of a well architected framework that must be taken into consideration are operational excellence, reliability, performance efficiency, and cost optimisation factors.

The design principles which incorporate these security measures should include tools which can be applied throughout the different layers to provide you with end-to-end protection. This can be achieved by implementing automated security practices and preventative components to guard against potential threats.

Seriously, think security

Customers, revenue or overall reputation – the very things any business fears becoming compromised or losing altogether are the same reasons why a security strategy must be clearly defined from the beginning.

But it’s not only loss of data, the last thing any organisation wants is an exorbitant bill. With the massive scalability of the cloud at their fingertips, coupled with a malicious intent, hackers can quickly ramp up your costs if your cloud environment is not as secure as you think it is.

“Not all breaches will take you by complete surprise either. Many tricks in a hacker’s toolbox can be planned for and that’s why having the correct security measures in place helps to avoid such a bill, or the loss or theft of sensitive data” explains York.

Breaking misconceptions

To have the mindset that security will only be handled entirely by the cloud provider is not correct. York explains that security is a shared responsibility between the provider and the customer. Which is why selecting the right cloud partner for you is an essential stepping-stone in achieving a secure journey to the cloud.

Simply put, it’s not worth cutting corners at any stage of a migration to the cloud. Credible cloud providers have the best quality infrastructures, highly skilled resources and the professional software in place that’s needed in order to achieve resilience. York explains that at BBD, this is what the client is ultimately paying for when it comes to implementing a top-notch security solution in the cloud. Poor planning or inferior quality services and tools will make the entire project unreliable and by extension, unsafe.

Dodging disasters

York advises that in order to protect yourself against vulnerabilities, always do your research and follow the best practices recommended by your cloud provider during the initial planning phase of your migration strategy. Use the cloud management security tools as they give you an overall indication of the status of your environment and outline potential weaknesses. – Read more

While the cloud adoption rate around the world is on the rise, there are still many organizations that are resisting the adoption of the cloud.

Their main reasons behind not adopting the cloud are some myths and misconceptions.

According to The State of Enterprise Software 2019 report by IBRS, the most common cloud myths among the businesses are security, price, and integration. For instance, Australia is a leader in enterprise cloud adoption, but still, some market segments remain in the thrall of cloud myths.

Most common cloud myths and misconceptions

Following are the most common myths about cloud computing:

1. Security Myth

A high number of organizations in the survey said that security is the main reason for not migrating to the cloud. They are concerned about the security of the cloud systems and the critical data shifted to the cloud. But it is one of the biggest myths about the cloud.

The investment by cloud service providers on cybersecurity is more than most of the organizations’ budget. They have strict data security policies and practices in place.

2. Cost & Utilization Myth

A large number of organizations are in a false belief that it will cost them higher if they run the infrastructure on the cloud. That’s why they choose to manage software solutions internally on-premise.

The IBRS report busts this myth, showing that the main advantages of migrating to the cloud are:

• freeing up IT resources from on-premises infrastructure,
• reduced investments in on-premises infrastructure, and
• lower operating costs.

– Read more

Moving to the cloud has become a key strategy for organizations as it enables accessing software-as-a-service over the Internet.

It’s also a safe way to store and share data. Business productivity ramps up as employees access data from any location for completing crucial business tasks. However, when it comes to storing data on the cloud, security is one crucial aspect that can’t be compromised at any cost.

Cloud security consists of a defined set of policies, procedures, technologies, and control that work toward protecting the data, systems, and cloud infrastructure. Cloud computing is typically divided into three different categories: IaaS (infrastructure-as-a-service), PaaS (platform-as-a-service), and SaaS (software-as-a-service). Any of these services can be used as per the requirements of the business.

Cloud computing infrastructures are highly secured and capable of protecting data from potential risks such as theft, unauthorized access, or hacks. Cloud security measures are constituted to protect data as well as protect the customer’s privacy. From access authentication to filtering traffic, security parameters in cloud infrastructure can be configured to specific business operations. The security of your cloud infrastructure solely depends upon the security solutions and algorithms in place as well as the security measures implemented by the provider.

Why is cloud security important?

Robust cloud security is essential for businesses switching to the cloud. Data security threats have been troubling organizations for decades, and they have become even more sophisticated irrespective of the cloud or on-premises environment. This calls for the need to hire a reliable and trustworthy cloud service provider to ensure best-in-class security.

Security is considered a big issue as the business-critical and user-specific data is stored at a location that is not controlled by a single entity — even the location of data is unknown. The data at rest as well as the data in transit is at risk if it can be accessed or modified by unauthorized parties. Cloud data is considered secure if it accomplishes several conditions such as confidentiality, integrity, and availability.

To prevent data from unauthorized access, it is important to implement data security practices such as converting it to such a format that is unreadable to the unauthorized person. – Read more