IT architectures have evolved to support the way people demand to work: from the mainframe, to client-server, to the web, to the cloud. Every old thing becomes new again: modern cloud-computing technology shares a user commonality with mainframe architecture, specifically the ability to connect remotely, except that the cloud is considerably more distributed and scalable.
Early computing architects could never have imagined the limitless size, breadth of scope, and always-on availability of today's cloud computing. Infrastructure-as-a-Service platform providers like Amazon, Microsoft, and Google have invested heavily to be able to offer elastic, pay-as-you-go cloud services. Those same services have effectively displaced onsite computing and even private data centers. The cloud is no longer a playground for IT experimentation but rather an operational mandate for enterprises of all sizes.
There are three stages to the enterprise cloud transformation journey: Application, Network, and Security.
1. Application Transformation
Innovative software providers like Salesforce ushered in the era of Software as a Service (SaaS). Salesforce's CRM offering quickly displaced incumbent, internally hosted enterprise contact management systems. Similarly, Microsoft moved its Microsoft Office suite of email and productivity tools to the cloud with Office 365.
- Scalability: One size fits all from five users to thousands.
- Availability: Maintenance, support, and uptime are all the responsibility of the provider.
- Dynamic upgrades: Users log on Monday morning and discover significant upgrades that have been made over the weekend. They can start to use them right away, without having to wait for the IT team to test the updates, schedule downtime, and roll them out.
Cloud transformation also provides enterprises with an ideal opportunity to better manage corporate applications.
2. Network Transformation
In the old world of legacy hub-and-spoke corporate networks, applications were hosted in the data center, and users accessed them via the corporate network, always within the confines of the perimeter-based firewall. To connect, users logged on via a VPN, connected to a VPN concentrator back at HQ, and traveled via (expensive) MPLS circuits to their desired application destination.
Cloud computing breaks the legacy network model. MPLS hairpinning degrades the user experience, particularly when users are accessing cloud applications like Office 365. Users demand to connect directly to internet and cloud resources, from home, the coffee shop, or on a plane. Hub-and-spoke networks constrain that growing traffic, routing it over a spotty VPN to the local hub, filtering it through a stack of (expensive) security hardware appliances, and sending it out through a secure web gateway to the cloud. Cloud access requires bandwidth, and enterprises struggle to keep up with bandwidth demand.
Users connecting directly to cloud resources via local internet breakouts represent the promise of network transformation. The approach is supported by Software-Defined Networking (SDN) capabilities that recognize a traffic destination and route the traffic to the corporate data center or out to the internet. And that broadband internet connection is considerably cheaper to manage than leased MPLS lines.
3. Security Transformation
Legacy network security models protected the entire corporate network. But how can an enterprise protect users bypassing the old network on the way to the cloud?
Security transformation should start with deploying Zero Trust networking, an approach that establishes a default-deny posture for all network data and traffic interactions. Second, move on from legacy security to dynamic, continuous adaptive trust and threat mitigation.
The legacy castle-and-moat network security model relies on IP addresses for authentication. That's a start, but with today's threat landscape, it's not secure: Go to any website. You can quickly determine the IP address. You can try to log into the page multiple times. You can try different ports for FTP, Finger, or telnet. A hacker can attempt cross-site scripting or SQL injection attacks. A nation-state can intercept the connection and inject its own malware to infect the end user's computer or smartphone.
In an SDN-enabled Zero Trust environment, the corporate application is never exposed to the open internet. It is discoverable only to authorized users. Cloud-based inline security, acting as a security check post, identifies the user requesting access and authenticates access privileges. This check post informs the application, which then connects the user device to the resource.
The cloud-based inline security check post uses a granular policy engine that can enforce each user's access to each application. Traffic goes through multiple filters, much like a UTM device, except the architecture is multitenant and scalable. And each user benefits from the threat intel derived from all user traffic.
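The contrast between the IP-based check and a default-deny, per-user, per-application policy decision can be sketched as follows. This is an added example, not code from any product the article describes; the users, groups, applications, address range and the device-posture condition are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# All names, groups, applications and address ranges below are constructed.
CORP_NET = ipaddress.ip_network("10.0.0.0/8")

def legacy_allow(src_ip):
    """Castle-and-moat check: network location is the only credential."""
    return ipaddress.ip_address(src_ip) in CORP_NET

@dataclass(frozen=True)
class Rule:
    group: str                        # identity group, not an IP range
    app: str                          # application the group may reach
    require_managed_device: bool = False

GROUPS = {"alice": {"finance"}, "bob": {"engineering"}}
RULES = [
    Rule("finance", "erp", require_managed_device=True),
    Rule("engineering", "git"),
]

def decide(user, authenticated, device_managed, app):
    """Return (allowed, reason); anything not explicitly allowed is denied."""
    if not authenticated:
        return False, "unauthenticated"
    reason = "default deny"
    for rule in RULES:
        if rule.app != app or rule.group not in GROUPS.get(user, set()):
            continue
        if rule.require_managed_device and not device_managed:
            reason = "device posture"  # keep looking for another matching rule
            continue
        return True, f"rule {rule.group}->{rule.app}"
    return False, reason

def visible_apps(user, authenticated, device_managed):
    """Applications discoverable to this user: only those policy allows."""
    apps = {rule.app for rule in RULES}
    return sorted(a for a in apps
                  if decide(user, authenticated, device_managed, a)[0])

if __name__ == "__main__":
    print(legacy_allow("10.1.2.3"))                 # inside the moat
    print(decide("bob", True, True, "erp"))
    print(decide("alice", True, False, "erp"))
    print(visible_apps("bob", True, True))
```

Under the legacy check, any host inside the corporate range reaches every application; under the policy check, the same user on the same network sees only the applications a rule explicitly grants.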
The implications of cloud transformation are readily apparent. More efficient IT leads to more efficient business processes which lead to higher enterprise productivity. Better security is delivered at a lower cost. The internet has replaced the corporate network. The cloud has replaced the corporate data center.