– Part 1.
Over the last ten years, the way businesses create, manage, secure and store data has changed quite a bit. This was prompted by the release of more powerful laptops and mobile devices which provided users with the tools to achieve more.
Many businesses began to see the advantages of empowering staff members with devices which could do more – ultimately increasing business productivity and growth. However, what business stake holders didn’t see was the increased pressure IT management, CFOs and CISOs were under to ensure they could meet business goals from a both financial and technical standpoint.
- Ensuring there was a budget in place to meet the technical requirements of a business was demanding
- Ensuring business technical requirements were achieved in many cases was even harder
Let me make one thing clear. There will always be a need for a domain environment in the traditional sense. Sectors such as banking, government and law which manage and process highly sensitive data will always have a need to protect that data as much as possible.
This is usually done via hardware with
- Intrusion detection/prevention solutions
- Active Directory
- Processes which control access to data
Backup and disaster recovery “DR” of data and infrastructure is paramount now due to the unrelenting threats businesses face.
Many businesses avail of a hybrid domain configuration between the internal domain and the cloud-based equivalent. This has been commonplace for many years and is down to AWS, Microsoft Azure and Office 365. Hybrid domains bridged the gap from the traditional domain to the cloud and the increasing need for access to cloud data and services.
This opened the cloud-based technology flood gates for businesses worldwide. And, while solving multiple problems like scalability, productivity via IaaS, PaaS and SaaS, it also created a few security headaches.
“How do we monitor, protect and report on our data?”
The birth of hybrid domains presented a number of challenges for IT management due to data being more accessible and more dangerously, data in many cases became fragmented across the environment landscape – most of the time outside the businesses anti-virus, firewall and intrusion detection/prevention. These became hot topics:
- Data governance, management, protection
- Data usage reporting and tracking
- Device management and protection
- Identity Access Management (IAM)
- Information protection and rights management
AWS and Microsoft Azure/Office 365 provide great services. However, due to poor configuration, not by the service providers but by the users, data can be open to compromise. We’ve all read about some AWS bucket being breached due to poor security processes – not by AWS – but by service users.
Yes, we can use frameworks such as Ansible and Terraform to deploy and configure infrastructure as code, build templates and scripts to automate everything and apply security processes. This is something I whole heartily agree with as it removes human error.
Templates and scripts
Does this mean scripts and templates won’t break? The straight answer is no, but scripts and templates are easily fixed. They provide logs detailing what went wrong so they can be fixed fast and the results from a template or script are much more predictable.
Use of templates and scripts in this way creates consistency, standardisation and free time. More free time that architects and engineers can put to really good use. I’ll say it – I love automation!
The mobile age is here
It’s my opinion that the mobile age is now truly here. Start-ups are no longer putting their seed capital into hardware, buying servers to host multiple VM’s, store data or host publicly accessible cross browser web applications. They’re putting everything into the cloud.
Instead of running applications and six or seven VM’s – for example – they have three VM’s in the cloud “Production, DR and UAT”. Each VM is nothing more than a basic OS that serves to run each application in its own docker container with data stored in a wide selection of storage solutions such as AWS S2 and S3, Azure Cosmos, SQL server and Storage Tables. Better still, many applications can be run in containers without the use of a VM at all now as micro services.
This offers huge cost savings, not only to start-ups but also established businesses. Vastly reducing OS licensing fees and there is a huge reduction in hardware costs also. There is no need to run on-premises servers 24/7. If you don’t need a service or application outside of working hours, simply shut it down during those hours and instantly reduce your cloud costs.
Most importantly to me, Docker offers a layer of security through the separation of services. As everything is in its own container, each application or service is effectively in its own bubbles which can’t interact with other containers or the operating system it’s running on.
Some providers of software and services on Docker include:
View the full list of vendors and their supported Docker images here
Read part two.