Cloud sprawl is the reality for most companies today. This e-book will help you rethink your approach to managing multiple cloud services by adopting an intelligent, modern solution to help secure and control your cloud resources. Key idea statements at the beginning of each chapter summarize the takeaways.
If your company is adopting a hybrid cloud model—keeping some workloads on-premises while moving others to the cloud—you're already aware that cloud computing is key to driving new levels of agility, innovation, and cost savings. But at the same time, some businesses transitioning to the cloud are seeing a corresponding proliferation, or sprawl, of cloud-based services that are often uncontrolled and unmonitored—and often, unsanctioned. Both IT and lines of business can contribute to sprawl, as they work independently or together to engage cloud services.
A recent survey of over 2,000 IT professionals revealed the top three cloud security challenges they're concerned about. Besides the inefficiencies created by running rogue apps or excessive workloads, cloud sprawl can also amplify security risks—and in the C-suite, that's a cause for concern. A recent survey indicated that 61 percent of CEOs worry that security issues pose a threat to growth.
In a world where multiple cloud instances and on-premises servers can exist within one IT organization, protecting against security threats becomes increasingly complex. More workload owners mean more devices to monitor, more apps and data backups to manage, more potential for data loss. And for most companies operating in a hybrid cloud environment, increased complexity is viewed as the number one challenge.
Point solutions can help solve specific security needs as they come up, but they don't address the big picture. In fact, adding point solutions often places additional responsibility on security teams who are already overburdened managing their existing infrastructure.
A modern solution that answers the challenges of cloud sprawl needs to be holistic. You must be able to see across your entire hybrid environment — every workload, app, and endpoint—to proactively manage and monitor all aspects of your cloud's security and performance.
As IT spend on cloud-based infrastructure continues to rise, addressing cloud sprawl now with a powerful, integrated approach to management and security can save you headaches down the road. By focusing on a solution that provides visibility and control across all of your resources, you will reduce operational complexity—and risk.
In a hybrid cloud environment, you need visibility across all of your resources to have true control. An integrated, cloud-native solution can provide the insights you need to fix issues faster, and to manage the risks introduced by cloud sprawl.
In the following chapters, you'll learn how an integrated approach to security, protection, monitoring, configuration, and governance can help your organization manage cloud sprawl and achieve a more efficient hybrid cloud.
Key idea: In a hybrid cloud environment, a strategic and holistic approach to security keeps your infrastructure and your data assets safe, while providing full visibility and control.
Today's security threats are relentless, and rapidly evolving. Your organization needs a comprehensive "always on" and "assume breach" strategy in place to be prepared for the inevitable attacks—whether internal or external. And in a hybrid environment, it's essential to have actionable insights that allow you to respond to incidents quickly.
A truly integrated, end-to-end infrastructure security solution gives you a unified view of all your machines, networks, and services, allowing you to protect your environment proactively, and reactively. When you have a holistic understanding of your security posture, you can:
Safeguarding all of your workloads, apps, and data can't happen without broad visibility into all processes at all times. Unlike traditional on-premises solutions, a cloud-native security solution lets you see your entire ecosystem and provides powerful analytics and real-time insights. You get the answers you need to keep your enterprise up and running, and you're able to detect threats and take action before they can cause damage.
Key idea: Business continuity involves data protection. In a hybrid environment, the ability to control all of your data resources across platforms is fundamental to protecting your enterprise against costly data loss and downtime.
Data is your organization's most critical asset, and data protection is one of the top challenges that IT must constantly solve for. Downtime reduction and avoiding data loss are essential for business continuity, and protecting historical data from system or human error is typically mandated by business, regulatory, or legal requirements. And in an era of anytime, anywhere computing, your users and customers expect your apps and processes to run 24/7—on-premises and in the cloud—regardless of platform or physical location.
By the numbers: Just how vulnerable is your data?
In the event of a disruption—if an application becomes unavailable, or if your backup protocols don't allow for easy data recovery, trouble can escalate quickly. In addition, the cost and complexity of protecting data assets continues to increase as data itself grows exponentially.
Traditional approaches and piecemeal solutions don't allow you to cover your entire environment and take control of your data resources. What's needed is a robust management solution that allows you to create customized backup and disaster recovery options to protect your data in the cloud, and on-premises. In the event of a disruption, this approach can accelerate recovery times and help you avoid costly downtime. Given the enormous cost of downtime, rapid recovery is vital.
Choosing a platform that provides integrated management and security across cloud and on premises resources can help simplify complexity in a modern hybrid cloud environment, meeting both the application availability and data protection needs of today's organizations. A comprehensive solution should consider requirements such as:
Key idea: When you have visibility into all of your assets—from infrastructure all the way down to a single line of code—it's easier to separate the noise from the important data and focus on what matters.
Applications drive business KPIs and end user interactions that must be understood and managed. Visibility is the challenge: you can't fix what you can't see. Problems can reside at the code level, or deeper within the infrastructure, and it's difficult to see holistic performance metrics across your entire hybrid ecosystem.
But insight into your IT systems and processes is about more than having a tool to provide dashboards or reports. It's about improving the performance and usability of your apps and services, making deep analyses and gaining insights from all of your on-premises, cloud, and multi-vendor solutions.
Machine learning also plays a role in managing and controlling application performance. An application performance solution enabled by machine learning makes it possible to continuously analyze application telemetry in the context of overall cloud behavior. Notifications and alerts based on actual usage data help you fine-tune as often as needed—and ultimately control how to do so with the least amount of downtime.
From failed requests to new feature releases, performance insights give you a heads-up about critical application issues. Insight into actual usage lets you see where the bottlenecks are, and how response times vary. When you know how much CPU, network, disk, and other resources are being used, and which code slows down your system, you can easily identify the problems and deploy a fix.
Simply stated, to manage your hybrid cloud with authority, you need to be able to keep track of what is happening—everywhere.
The power of insight: a hybrid cloud management checklist
With a holistic perspective, you're able to manage the big picture across cloud, on premises, and multi-vendor environments.
Using an application and IT service dependency mapping tool, you can automatically discover relationships and dependencies between IT components to help you accelerate troubleshooting and root case analysis. With an up-to-date view of dependencies, you can expedite your app and workload migrations, whether you are migrating to the cloud or other destinations.
As you look into the best ways to monitor your hybrid environment, you should take into account your ability to:
With this integrated approach to hybrid cloud management, it's possible to make data-driven decisions that keep business moving forward, with less friction, more precision—and bottom line results.
Monitoring checkpoints:
Key idea: Process automation, configuration, update management, and change tracking simplify cloud management and accelerate the time it takes to onboard your cloud or datacenter tools and resources.
Automation is a powerful antidote to complexity. There's no substitute for swapping out manual tasks for automated processes—and hybrid cloud management is no different. Instead of trying to manually manage configuration tasks across multiple platforms, you can get up and running quickly with tools that are built for the demands of a hybrid environment.
In a traditional datacenter environment, manual hotfixes are common—but often result in numerous "snowflake" servers that can't be managed or replicated. This problem is avoided in the cloud, where you can automate common processes using configuration management.
It is much simpler to use built-in policies and out-of-the-box dashboards and queries that can be configured to execute whenever you receive an alert, instead of relying on administrators to find and fix the same issues every time they occur. There's no code to write, and integration is vastly less complicated with smart automation tools that are ready to go.
Automated remediation | Take immediate action in response to alerts or log search queries: trigger runbooks on demand, automatically, or from your own datacenter. |
Orchestrated recovery | Reduce recovery time objectives: use repeatable runbooks in disaster recovery plans; customize groups and create recovery sequences for multi-tier applications and checkpoints. |
Integrated solutions | Save time and effort: use pre-built runbooks and automation modules; leverage out-of-the-box partner integrations and solutions. |
Consistent configuration | Avoid configuration drift: apply, monitor, automatically update desired app state and infrastructure resources. |
Intelligent patching | Reduce complexity: use insights into workload dependencies and time estimates; run group and sequence updates with owner approvals without unplanned downtime. |
Change monitoring | Enable compliance reporting: correlate changes and understand application dependencies faster with universal change tracker. |
In other use cases, you could easily automate password reset, implement virtual machines for a Dev environment, or schedule and deploy patches for Windows and Linux. There are many ways to save time managing at scale with integrated configuration tools that allow you to:
You can deliver more consistent service to your enterprise when you're able to apply, configure, and deploy automated processes in your heterogeneous environments. An integrated management solution with configuration capabilities substantially reduces downtime, improves time-to-value, and finds and fixes issues that can adversely impact your operations.
Key idea: Hybrid cloud requires a modern, integrated solution for governance that allows you to create consistent policies and processes and, at the same time, monitor the costs associated with your cloud investment.
In a hybrid cloud model, you need a consolidated view of your IT architecture in order to implement consistent policies that will support compliance. Traditional policy management tools simply aren't designed for the complex world of cloud computing.
Using a holistic solution, you can deploy out-of-the-box dashboards, queries, control, and policies to address a broad range of compliance and governance issues, including access, logging, auditing, and reporting. You're able to create truly flexible policies—defining by workload what you can and can't do—that can be monitored, checked, and adjusted as issues arise.
To make informed decisions about allocating your cloud resources, look for opportunities to:
Control, convenience, efficiency, and reducing overall infrastructure maintenance costs are just some of the benefits you can achieve in your hybrid cloud with an integrated management solution. Cloud native tools—based on data intelligence and machine learning—offer policies that are "good to go" at the time of setup. There's really no need to reinvent the wheel or rely on manual processes when you implement a management solution that's made for the cloud.
A sample list of activities that you should have policies for:
IHG (InterContinental Hotels Group) is one of the world's leading hotel companies, with 350,000 employees, and more than 5,200 properties in almost 100 countries. The company has a deep commitment to innovation and a long history of investing in technology.
IHG adopted a hybrid cloud model to better align IT practices with its broader business goals. As part of that realignment, IHG's Global Technology IT focused on standardizing as many of IHG's IT functions as possible, with the goal of using standard solutions worldwide that can be tailored to local needs.
A positive experience with StorSimple—which accessed Azure Blob storage—led IHG to consider Azure security and management services to meet its cloud and hybrid use cases. Azure security and management services provided IHG with a holistic, global view, with a minimal amount of administrative effort.
"We deployed a single agent and then immediately, with very little time spent by an administrator or engineer, we saw information such as patch levels of the servers and Active Directory replication issues on a worldwide basis," says Jason Roth, Senior Engineer on the Global Technology Enterprise Systems team. "The turnaround time from logging in to the operations management web console and having actionable information available was the same day. It amazed me that it was so useful, so quickly. Global infrastructure metrics that were difficult to aggregate before suddenly appeared once we deployed an agent, which really appealed to us."
The Azure Automation and Control service has had a significant impact, offering the capability for technicians to write code and place it into a runbook in Azure. IHG's technology team is now storing that code and making it available throughout IT. "This allowed us to provide an API for automated Active Directory tasks that could be called from our open source or non-Windows systems," says Roth.
Azure has also provided an additional source of information, especially with Azure Insight and Analytics, which helps collect and analyze data generated by resources in cloud and on-premises environments. "We answer queries, collect information, and have dashboards showing us near-real-time DNS server performance," says Roth. "The system shows us account lockouts, failed logins, and similar information."
In the end, it all comes back to ease of use. "IHG Global Technology is on a journey toward an Agile DevOps style of managing our applications," says Roth. "Tools that deploy easily, scale infinitely, and provide metrics we can use to perform our changes in near-real time are incredibly valuable."
As more and more cloud services are being adopted by organizations—both on the IT side and the business side—complexity has increased, making it a challenge to manage a sprawling cloud environment.
The best way to manage cloud sprawl is with a centralized integrated security and management solution that offers end-to-end visibility and control across all of your cloud resources. Point solutions can't offer this—they lack the holistic view that is essential to understanding the big picture.
In fact, an integrated approach to security and management should be the core of your cloud strategy. Without full insight into your entire IT ecosystem, you run the risks of downtime, data loss, and numerous operational inefficiencies.
As you evaluate your options, review the concepts we've discussed in this e-book—security, protection, monitoring, configuration, and governance—and understand the role that each plays in keeping your enterprise secure.
New solutions: what can Azure security and management do for your business?