Leveraging the Agility of DevOps Processes to Secure Hybrid Clouds

White Paper: Leveraging the Agility of DevOps Processes to Secure Hybrid Clouds Executive Summary Fully leveraging technology to drive business has become paramount, with many organizations using an array of platformand infrastructure-as-a-service (IaaS) cloud services to expedite building and delivering new applications, services, and entire lines of business. The broad adoption of cloud services and the new methodologies centered on automation punctuate the agility provided by modern technology. While fundamental changes in the computing landscape challenge established cybersecurity practices, they also represent notable opportunities for compelling improvements. The perspective that code is infrastructure captures one of the foundational elements of how organizations now deliver, manage, and secure infrastructure. That is, the shift is beyond a technological one; agile software development Today’s IT business model, rooted in enabling and the continuous integration and continuous delivery business agility, demands that cybersecurity (CI/CD) methodology of the DevOps movement embody keep pace with the velocity of the cloud. the need for speed to gain competitive advantage. Today’s IT business model, rooted in enabling business agility, demands that cybersecurity keep pace with the velocity of the cloud. Securing cloud infrastructure requires not only understanding what is technically different about today’s data center but also fully embracing and exploiting the benefits of DevOps as a means to codify cybersecurity practices and controls. In fact, according to a recent research study conducted by ESG, and discussed in this paper, 30% of research participants said that one of their highest priorities is to build a cloud security strategy that can be used across heterogeneous public and private clouds, making it the most-cited response. 1 The Multiple Dimensions of Hybrid Clouds Hybrid clouds are more than those comprised of an on-premises and public cloud footprint; they are a combination of disparate infrastructures with physical and amorphous perimeters. The use of services from multiple cloud service providers (CSPs) and a heterogeneous mix of server workload types has led to the multiple dimensionality of the modern data center. Multi-clouds The subscription to and consumption of services from multiple providers is consistent with how IT leaders and decision makers have historically procured offerings from a varied set of vendors in other areas of technology. While a market leader will emerge, other followers quickly enter the mix, creating not only more competition, but diversified IT environments. According to research conducted by ESG, 81% of organizations who consume infrastructure-as-a-service (IaaS) use such services from more than one cloud service provider (CSP). This research also reveals that the top drivers behind multi-cloud adoption include: • The influence of large application vendors on cloud services and application selection. • A best fit approach of aligning a cloud platform with the needs of a particular application. • A desire to avoid vendor lock-in by not being dependent on a single CSP. • Decentralized IT, in which different business groups will select different cloud platforms. 2 Source: ESG Research, Trends in Hybrid Cloud Security: Minding the Gap, November 2017. All ESG research references and charts in this white paper have been taken from this research survey, unless otherwise noted. 2 Source: ESG Master Survey Results, 2018 IT Spending Intentions Survey, December 2017. 1 © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved. White Paper: Leveraging the Agility of DevOps Processes to Secure Hybrid Clouds 4 Heterogeneous Server Workload Types The server form factors, locations, and operating systems employed across hybrid cloud environments are creating a highly heterogeneous mix of workloads. To leverage the agility of IaaS platforms, many organizations are shifting their server workloads to a public infrastructure, as highlighted by the 55% of participants in ESG research that indicated 31% or more of their production workloads will be cloud-resident in the next 24 months, up from 31% who have the same percentage of production workloads in a public cloud today. At the same time, applications based on a micro-services architecture are leading to the deployment of containerized applications to production in customer-managed environments as well as on public cloud platforms. Containers are not delivery vehicles for new applications only; according to the ESG research, 73% of organizations are using or will use containers for “legacy” applications as they refactor such applications in distributed, micro-services implementations. While this evolution to new architectures marginalizes old application stacks over time, virtual machine and client-serverbased applications will remain meaningful elements of the heterogeneous mix of workload types (see Figure 1). Figure 1. The Heterogeneous Mix of Server Workload Types Of all the production workload server types (e.g., containers, virtual machines, bare metal) used by your organization, what is the approximate percentage breakdown run on each today? What do you expect this to be 24 months from now? (Mean, N=450) 100% 90% Containers, 19% 80% Containers, 33% 70% 60% Virtual machines, 46% 50% Virtual machines, 41% 40% 30% 20% 10% Bare metal servers, 35% Bare metal servers, 26% 0% Percent of production workloads run on each server type today Percent of production workloads run on each server type 24 months from now Source: Enterprise Strategy Group Business Agility and Today’s Speed of IT This shift to multi-clouds and micro-services is driven by the business imperative to leverage modern technology to enable companies to pursue new opportunities. In fact, many established industries have been disrupted by new brands leveraging the agility of the cloud to offer new experiences to customers, creating an imperative to understand and embrace these dynamics. The Decentralization of IT The decentralization of IT introduced with the personal computer and accelerated by knowledge worker mobility is now manifested by the pervasiveness of shadow IT—the use of IT systems without explicit organizational approval—a clear © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved.
Please complete the form to gain access to this content