Why an app-centric IT policy is the key to cloud strategies
- 11 October, 2017 14:13
The safe, fast delivery of applications is now the primary concern of business leaders – not just IT teams. To support apps in a cost-efficient and user-friendly way, IT teams are having to make increasingly complex decisions about how to host workflows and data in a multi-cloud environment. On top of this, applications are becoming the entry-point of choice for hackers, meaning security remains high on the priority list.
Ensuring your team has the skills to model, manage and program applications in hybrid cloud environments are now vital to a successful IT strategy.
Cloud: the rise of the hybrids
We live in an on-demand world, where companies need on-demand solutions. To deliver this agile environment, IT teams and supporting infrastructure are coming under pressure, and for a while, the cloud promised to be the answer to all these problems – offering scalability, affordability, and managed services that decreased the workload on internal IT teams.
However as with all things that sound too good to be true, organisations across Australia are realising that the reality is more complex.
The benefits of public cloud are well-publicised by the likes of AWS, Microsoft Azure, and a host of other providers. These include reliability, scalability, and cost-savings for physical server hardware, storage and maintenance.
However many organisations are realising that private clouds can offer the same reliability and flexibility, with added benefits such as control of data and access points, preservation of IT skills in-house, and tighter control of costs, particularly for larger organisations.
And so enter the hybrid-cloud.
Rodney Gedda, Senior Analyst at Telsyte explains that “having the agility to pick and choose the right cloud service for any application is the big promise of hybrid cloud.” According to Microsoft, the number of Australian organisations using hybrid clouds is predicted to increase to 49% by mid-2018.
The application security challenge
Although organisations are choosing the platform, data centre location, and ecosystem that best meet their specific requirements, this hybrid environment is challenging. In our annual State of Application Delivery report, organisations cited the inability to have consistent security policies across multiple environments as the top challenge they face.
This isn’t surprising. Cloud-based apps are uniquely vulnerable for a couple of reasons. The first is the potential for users and organisations to store or access significant amounts of sensitive information (such as personal data and financials) through them without additional verification once you’re ‘in’. In line with this, we found that applications with the highest on-premises private cloud footprints are, not surprisingly, internal finance, human resources, and billing. Additionally, our customers reported a strong preference for on-premises private cloud for industrial IoT apps.
The second vulnerability is that as app traffic moves around the web using both public and private clouds, securing the entry and exit points rests on the organisation, not the cloud provider. While apps can be equally secure in public or private clouds, some of the traditional security solutions businesses have relied on are circumvented by apps.
This security risk isn’t just theoretical. Gartner revealed that 72% of today’s security breaches are due to compromised user identities and vulnerable applications. As such, DDoS mitigation and Web Application Firewall services are fast-growth areas in Australia as organisations rush to protect their apps.
Re-engineering apps for a cloud-first world
It’s clear that in an app-centric world, security needs to be built into the application layer, as well as the infrastructure of a business. This will mean users are secure as they move around the web, with applications running all the time, and not just at each ‘checkpoint’, such as a password or logon request.
App-centric security operates on three principles:
- Who the user is
- What the user is doing
- The context in which the app is being used (i.e. is this user supposed to be doing this)
But how do you build security into the application layer, without compromising on speed or usability?
Most users will find a delay of a few seconds tolerable to allow for verification before gaining access to financial or other sensitive information, but will find the same few seconds of delay hugely frustrating if they are made to wait every time they want to access the app as a whole.
Application architects and IT managers with expertise in user-experience are revolutionising the way services and applications are delivered to end-users to solve this problem. They are breaking up applications, which were previously treated as monolithic pieces of software, and putting some parts in the public cloud and others in the private cloud, based on factors such as importance of speed of delivery and security protocols.
Application architects typically come from a computer programing or developer background, and find problems, reduce risk, improve predictability, reduce costs and test product scenarios within applications. Key focuses include interoperability of apps, performance and scalability, reliability, and the application lifecycle.
With applications at the heart of modern businesses, ensuring that your IT team has the above skills in-house will be vital to a successful cloud strategy, and ultimately to the user-experience of staff and customers.
The smartest companies should operate in an app-centric way, and build services with the balance of speed and security at the heart of their customer approach. Increased security cannot result in speed, efficiency and flexibility suffering to any significant level, and re-engineering applications for a cloud-first world is the best way to achieve this.