Hybrid Cloud Security Patterns - Sreekanth Iyer - E-Book

Description

Security is a primary concern for enterprises going through digital transformation and accelerating their journey to multi-cloud environments. This book recommends a simple pattern-based approach to architecting, designing and implementing security for workloads deployed on AWS, Microsoft Azure, Google Cloud, and IBM Cloud.
The book discusses enterprise modernization trends and related security opportunities and challenges. You’ll understand how to implement identity and access management for your cloud resources and applications. Later chapters discuss patterns to protect cloud infrastructure (compute, storage and network) and provide protection for data at rest, in transit and in use. You’ll also learn how to shift left and include security in the early stages of application development to adopt DevSecOps. The book also deep dives into threat monitoring, configuration and vulnerability management, and automated incident response. Finally, you’ll discover patterns to implement security posture management backed with intelligence and automated protection to stay ahead of threats.
By the end of this book, you’ll have learned all the hybrid cloud security patterns and be able to use them to create zero trust architecture that provides continuous security and compliance for your cloud workloads.

The e-book can be read in Legimi apps or in any app that supports the following formats:

EPUB
MOBI

Page count: 295

Year of publication: 2022




Hybrid Cloud Security Patterns

Leverage modern repeatable architecture patterns to secure your workloads on the cloud

Sreekanth Iyer

BIRMINGHAM—MUMBAI

Hybrid Cloud Security Patterns

Copyright © 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Rahul Nair

Publishing Product Manager: Niranjan Naikwadi

Senior Editor: Athikho Sapuni Rishana

Technical Editor: Nithik Cheruvakodan

Copy Editor: Safis Editing

Project Coordinator: Ashwin Kharwa

Proofreader: Safis Editing

Indexer: Subalakshmi Govindhan

Production Designer: Prashant Ghare

Marketing Coordinator: Nimisha Dua

First published: December 2022

Production reference: 1201022

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80323-358-1

www.packt.com

To my mother Parvathy and my father Ramakrishna Iyer for their sacrifices and the values they have instilled in me – to stay selfless, work hard, and be thankful.

To my wife Saritha and my sons Varun and Vignesh for their love, support, and inspiration.

– Sreekanth Iyer

Foreword

As enterprises and businesses adopt hybrid cloud to accelerate innovation, cloud security remains an important focus area to both mitigate risk and achieve compliance. Leveraging his hands-on experience in building cloud delivered products, as well as solution engagements with customers to address their challenges, Sreekanth has done a wonderful job in outlining a practical approach to cloud security in this book.

Capturing best practices and repeatable patterns is a great way to bring together the different dimensions of cloud security, with practical solutions that are readily usable. For each of the patterns, his approach to outlining use cases, challenges, solution approaches, along with applicable technologies from the different cloud providers, is commendable. Each chapter provides standalone content, rendering the book a readily referenceable asset which is thus very valuable to cloud security practitioners who can quickly get to their topic of interest.

I have worked closely with Sreekanth for more than a decade, and I can clearly see him bringing his expertise, experience, and passion for sharing his knowledge - all wrapped into this book.

Dr. Nataraj Nagaratnam

IBM Fellow, CTO for Cloud Security at IBM

Contributors

About the author

Sreekanth (Sreek) Iyer is a thought leader in architecture with over 25 years of experience building enterprise solutions across multiple industries. He is currently working as a principal architect with Apptio. Prior to this role, he worked as an executive IT architect at IBM. He has served as a trusted advisor on digital transformation strategies and the journey to the cloud for many enterprise clients. He is an expert in cloud engineering, security, complex integration, and app modernization. He is an IBM Master Inventor with more than 60 patents. He has built strong software engineering teams and made outstanding contributions to creating security reference architectures. When he is not working, he enjoys music and his time with family and friends.

My sincere thanks to Nataraj Nagaratnam and Sridhar Muppidi at IBM for introducing me to the world of security and for their continued guidance and support.

I’m grateful to Marc Fiammante for being my career mentor and inspiration to write this book. My gratitude to Kyle Brown and Bobby Woolf for imparting the knowledge on pattern language.

I’m thankful to Tony Carrato for the careful and detailed technical review of the book that helped significantly improve the quality of the content. I’m very fortunate to have Tony, who has extensive experience and deep expertise in the cloud security domain, as the technical reviewer.

I’ve benefited from every interaction with my IBM and Apptio colleagues. I have tremendous respect for each of them. This book reflects the knowledge and wisdom gained from engagement and collaboration with my talented colleagues.

Finally, my sincere thanks to the Packt publishing team – Neil, Niranjan, and Sapuni for their patience, support during difficult times, and their constant encouragement to complete this project.

About the reviewer

Tony Carrato is a member of the steering committee of the Security Forum at The Open Group, as well as an invited expert in their Security Forum. He is a member of the planning group for the New Mexico Technology Council’s Cybersecurity Peer Group and a part of the Critical Asset Management (for climate resilience) open source project. He is on the board of Telemetry Insight, a New Mexico startup, and a board advisor to the Ortelius open source project focused on microservices and software supply chain security.

He retired from IBM in 2019, with a total of nearly 50 years of technology experience. His major areas of expertise are in technology architecture, including security, enterprise, and solution architecture.

I’ve known and worked with Sreek for many years. He’s truly knowledgeable about security and the cloud and very good at explaining difficult topics in the area of hybrid cloud security. It’s been a pleasure and privilege to support this book coming to fruition.

Table of Contents

Preface

Part 1: Introduction to Cloud Security

1

Opportunities and Challenges with Hybrid Multi-cloud Solutions

The evolution of the cloud

Defining cloud computing

Cloud personas

Cloud deployment models

Cloud delivery models

From cloud to hybrid multi-cloud

Digitization trends

Application modernization

Data modernization and the emergence of data fabric

Integration, coexistence, and interoperability

Event hubs and intelligent workflows

Coexistence and interoperability

DevOps

Optimization of operations

Leveraging observability for a better customer experience

Automation, automation, automation

Building pipeline of pipelines for hybrid multi-cloud

Security for the digital hybrid multi-cloud era

App modernization and security

Data security

Security for integration, coexistence, and interoperability

Shift left security – from DevOps to DevSecOps

Configuration management

Security Orchestration, Automation, and Response

Integrated security and continuous compliance

Zero-trust architecture and security models

Summary

2

Understanding Shared Responsibility Model for Cloud Security

A strategic approach to cloud security

A shared responsibility model

Cloud security domains

A pattern-based approach to address hybrid cloud security

Summary

Part 2: Identity and Access Management Patterns

3

Cloud Identity and Access Management

User management patterns

Registration pattern

Identity federation pattern

Cloud identity pattern

User group management patterns

Service accounts

User de-provisioning

Authentication patterns

Logging in with user ID and credentials

Application access key or API key

SSH keys

SSO

Multi-factor authentication

Single logout

Physical authentication pattern

Authorization patterns

Access control pattern

Governance and administration patterns

Identity governance and administration pattern

Related patterns

Summary

4

Implementing Identity and Access Management for Cloud Applications

Authentication pattern for cloud application users

Problem

Context

Solution

Known uses

Service-to-service authentication

Problem

Context

Solution

Known uses

Cloud application authorization patterns

Problem

Context

Solution

Known uses

Summary

References

Part 3: Infrastructure Security Patterns

5

How to Secure Compute Infrastructure

Securing physical (bare-metal) servers

Problem

Context

Solution

Known uses

Trusted compute patterns

Problem

Context

Solution

Known uses

Securing hypervisors

Problem

Context

Solution

Known uses

Protecting VMs

Problem

Context

Solution

Known uses

Securing containers

Problem

Context

Solution

Known uses

Securing serverless implementations

Problem

Context

Solution

Known uses

Summary

References

6

Implementing Network Isolation, Secure Connectivity, and Protection

Network isolation patterns

Problem

Context

Solution

Known uses

Secure network connectivity

Problem

Context

Solution

Known uses

Network protection

Problem

Context

Solution

Known uses

Summary

References

Part 4: Data and Application Security Patterns

7

Data Security Patterns

Patterns for protecting data at rest

Problem

Context

Solution

Known uses

Protecting data in transit patterns

Problem

Context

Solution

Known uses

Data in use

Problem

Context

Solution

Known uses

Data classification and monitoring patterns

Problem

Context

Solution

Known uses

Summary

References

8

Shift Left Security for DevOps

Secure engineering and threat modeling

Problem

Context

Solution

Known uses

The DevSecOps pattern

Problem

Context

Solution

Known uses

Summary

References

Part 5: Cloud Security Posture Management and Zero Trust Architecture

9

Managing the Security Posture for Your Cloud Deployments

CSPM patterns

Problem

Context

Solution

Known uses

Summary

References

10

Building Zero Trust Architecture with Hybrid Cloud Security Patterns

Zero trust pattern

Problem

Context

Solution

Known uses

Summary

References

Index

Other Books You May Enjoy

Preface

Hybrid cloud security is a complex topic and needs different considerations in various security domains. People who are new to the topic can master the subject in no time with a pattern-based approach. Hybrid Cloud Security Patterns is a comprehensive introduction to cloud security patterns.

This book discusses security patterns and how to implement them on specific cloud providers, with pointers to tutorials and easy-to-follow prescriptive guidance on how to secure workloads or implement the security patterns on specific clouds – AWS, Azure, GCP, and IBM Cloud.

By the end of this book, you will learn to use the power of patterns to address security for all your cloud deployments.

Who this book is for

This is a guide for cloud solution architects and security focals who need to securely deploy their applications in the cloud. It provides prescriptive guidance for cloud engineers and DevSecOps professionals so they can build security by design into their cloud-native applications. It also gives business users who are considering cloud deployments the different aspects of security that they need to consider.

What this book covers

Chapter 1, Opportunities and Challenges with Hybrid Multi-cloud Solution, discusses the evolution of the cloud, cloud consumption and deployment patterns, and the related challenges and opportunities.

Chapter 2, Understanding Shared Responsibility Model for Cloud Security, discusses an overall approach to addressing hybrid cloud security.

Chapter 3, Implementing Identity and Access Management for Cloud Users, describes the patterns to implement authentication, access control, and audit for cloud resources.

Chapter 4, Implementing Identity and Access Management for Applications, shows you how to add authentication and access to web and mobile applications deployed in the cloud. This chapter will discuss the pattern to enhance apps with advanced security capabilities.

Chapter 5, How to Secure Compute Infrastructure, shows you how to secure Virtual Machines (VMs) and containers. We will discuss patterns to provide isolation to varying degrees and enable both portability and security for VMs and containers.

Chapter 6, Implementing Network Protection, Isolation, and Secure Connectivity, discusses how to secure a cloud network and the architecture patterns and security elements needed to secure the network, including isolation, connectivity, and protection.

Chapter 7, Data Protection Pattern, explores data protection patterns, including protecting data at rest, in transit, and in use. Data-at-rest protection patterns cover how to protect files and objects, whether stored in a database or stored raw in data or storage services. You will learn how to use encryption and key management patterns to protect data at rest, and understand the threats related to data in transit and the patterns for protecting it. This chapter discusses the importance of certificates and their use in protecting data in transit. It also discusses how to protect data during processing, as well as cloud services that deliver stronger end-to-end data security.

Chapter 8, Shift Left Security for DevOps, discusses how to infuse security into a DevOps pipeline. Shifting security left, so that it is incorporated in the earliest stages of concept, development, and operations, is required to ensure an application runs safely in the cloud. Threat and vulnerability management are critical aspects of security and compliance programs. This chapter discusses patterns to identify vulnerabilities in cloud resources across infrastructure, middleware, and applications and how to remediate them. Configuration management is another important topic; it covers how to manage and control configurations for cloud resources to enable security and facilitate the management of risk.

Chapter 9, Manage Security Posture for Your Cloud Deployments, delves into Cloud Security Posture Management (CSPM), which helps to proactively monitor, track, and react to security violations. This chapter provides information on how to build end-to-end visibility and integration of security processes and tooling throughout an organization to get a security posture for cloud applications. A security and compliance posture provides a method to see controls in place against policies and their effectiveness. This chapter discusses how to prepare an enterprise to respond to large volumes of alerts and events related to cloud security. Given the use of multiple tools and a shortage of staff, enterprises need to adopt security orchestration, automation, and response to improve their effectiveness against security events.

Chapter 10, Building Zero Trust Architecture with Hybrid Cloud Security Patterns, discusses reference architectures and patterns to implement the zero trust model. The principles for zero trust are also discussed in detail. This chapter explores the use cases requiring the zero trust model and how to leverage hybrid cloud security patterns to protect critical data using zero trust security practices.

To get the most out of this book

The book assumes you have basic knowledge of the cloud and its advantages. Knowledge of the different types of cloud and their deployment and consumption models is a prerequisite.

The GitHub repository provides links with details on how to implement the patterns discussed in each chapter. Refer to the GitHub pages and follow the links to the tutorials and examples from the security services and solution providers listed above. If you are using the digital version of this book, we advise you to type the code yourself or access the reference links to example code from the book’s GitHub repository (a link is available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.

Download the example code files

You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/Hybrid-Cloud-Security-Patterns. If there’s an update to the code, it will be updated in the GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Download the color images

We also provide a PDF file that has color images of the screenshots and diagrams used in this book. You can download it here: https://packt.link/cbJMK.

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “Mount the downloaded WebStorm-10*.dmg disk image file as another disk in your system.”

Bold: Indicates a new term, an important word, or words that you see on screen. For instance, words in menus or dialog boxes appear in bold. Here is an example: “Select System info from the Administration panel.”

Tips or Important Notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, email us at [email protected] and mention the book title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts

Once you’ve read Hybrid Cloud Security Patterns, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

Download a free PDF copy of this book

Thanks for purchasing this book!

Do you like to read on the go but are unable to carry your print books everywhere? Is your eBook purchase not compatible with the device of your choice?

Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.

Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical books directly into your application.

The perks don’t stop there; you can get exclusive access to discounts, newsletters, and great free content in your inbox daily.

Follow these simple steps to get the benefits:

Scan the QR code or visit the link below

https://packt.link/free-ebook/9781803233581

Submit your proof of purchase

That’s it! We’ll send your free PDF and other benefits to your email directly

Part 1: Introduction to Cloud Security

Security is the primary concern for enterprises adopting hybrid IT and multi-cloud technologies as they pursue application modernization. By taking a strategic approach to security, businesses can infuse security into various stages of their journey to the cloud. This part will discuss how enterprises are adopting hybrid cloud and the challenges with regard to securing their transition to the cloud.

This part comprises the following chapters:

Chapter 1, Opportunities and Challenges with Hybrid Multi-cloud Solution

Chapter 2, Understanding Shared Responsibility Model for Cloud Security

1

Opportunities and Challenges with Hybrid Multi-cloud Solutions

Businesses are rapidly transforming for the digital era. Companies are reinventing processes and cultures to deliver an enhanced experience to their customers using digital technologies. This drives the need to build new capabilities and modernize existing applications using the latest technology more quickly. Enterprises are trying to stay ahead of the competition. Being late to market can mean missed opportunities, lost revenue, or, even worse, going out of business. Companies that have been agile and successful have put the cloud at the heart of this digital transformation. Furthermore, they are taking a hybrid multi-cloud strategy and approach consisting of on-premises, private, and public clouds to drive better efficiency, performance, and cost optimization. For a business rapidly transforming into a digital enterprise that relies on a hybrid multi-cloud environment, the security threats and the attack surface grow. It is critical to stay ahead of threats, protect valuable data and resources, and achieve regulatory compliance. This chapter discusses digitization trends, the hybrid cloud strategy adopted by enterprises, and the related security challenges.

In this chapter, we’re going to cover the following topics:

The evolution of the cloud

The digitization trends that drive opportunities and challenges for hybrid cloud solutions

Security in the digital hybrid multi-cloud era

The evolution of the cloud

Driven by trends in the consumer internet, cloud computing has become the preferred way to consume and deliver IT solutions and services. Before we dive deeper into cloud security, it is important to understand some basic aspects of the cloud, the emerging trends in cloud solutions, culture, technologies, and modern development and delivery models.

Defining cloud computing

Let’s start by understanding and defining the term cloud computing in detail. It comprises two words – cloud and computing. So, simply put, it is computing that you can offer on the cloud. What exactly is the cloud being referred to here? IT architects have used the cloud symbol to represent the internet or the network in their drawings, and the term cloud has evolved as a metaphor for the internet. Computing could be any goal-oriented activity requiring or benefiting from the use of IT, which includes hardware and software systems used for a wide range of purposes – collecting, storing, processing, and analyzing various kinds of information. Cloud computing has evolved over time from utility computing to what it is today, enabled by virtualization, automation, and service orientation.

The following diagram defines the key elements of cloud computing:

Figure 1.1 – Cloud computing

There are several definitions of cloud computing that you can find on the web. The National Institute of Standards and Technology (NIST) has promoted the effective and secure use of cloud computing technology within government and industry by providing technical guidance and promoting standards. According to NIST, cloud computing is a pay-per-use model of enabling available, convenient, and on-demand network access to a shared pool of configurable computing resources (for example, networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. In general, most companies have agreed on the essential characteristics that NIST pioneered, which qualify any internet-based computing to be referred to as a cloud. They are the following:

On-demand self-service: Cloud computing provides a catalog through which a consumer can request to provision any kind of service – computing involving a server, network, and storage, a middleware service such as a database, or a software service such as email. This catalog provides self-service without requiring manual intervention on the part of the service provider.

Ubiquitous network access: The key premise of cloud computing is that all the services and capabilities provided are accessible through the network. This can be the internet in the case of a public cloud or the intranet in the case of a private cloud. The resources on a cloud can be accessed over the network through a variety of devices such as computers, mobile phones, and IoT devices, using multiple protocols.

Location-independent resource pooling: A cloud’s business value comes from the economy of scale that is achieved by resource pooling. The provider pools the available computing resources and makes them dynamically available to clients based on demand. Physical resources, including compute, network, and storage, are pooled and, leveraging virtualization, assigned to clients in a multi-tenant model. In certain cases, consumers may not even know the exact location of the provided resources.

Rapid elasticity: The cloud provides a means to rapidly scale up or scale down based on demand. For the consumer, this is a very valuable business advantage of cloud solutions, as it requires them to invest in resources only when they need to. For instance, cloud consumers can start small by addressing requirements for one region or country and then scale their operations across the globe. Modern cloud technologies offer running applications and managing data without having to worry about infrastructure. Technologies such as serverless computing provide rapid elasticity and scale at a lower cost.

Pay per use: Each cloud service is monitored and metered, which facilitates chargeback. This allows providers to promote their subscription plans and consumers to choose a billing model that is optimal for their resource usage. One example is a time-based pricing model – a per hour, per minute, or per second basis for resources such as servers. A tiered pricing model allows consumers to choose a plan from a set of price points that map to their volume or period of consumption – such as for storage, network bandwidth, or data used. Certain other services, such as authentication or validation services, can be consumed from the cloud with a plan that is based on active user accounts per month. Chargeback to specific departments inside the organization is now also possible with an accounting model supported by the providers and the ability to tag cloud resources to specific departments.

Cloud personas

There are several actors typically involved in building and operating a cloud solution. Their roles and responsibilities and their relationships with other actors vary based on the industry:

Business owners: This actor’s responsibility is to make appropriate cloud investment decisions. This persona is more focused on the innovation and agility that the cloud can provide for their business. Once an organization has started with cloud solutions, there are some typical actors that are involved in the day-to-day operational consumption and provision of cloud services.

Cloud personas and their roles are shown in the following diagram and described in the section that follows:

Figure 1.2 – Cloud personas

Cloud service consumer: The enterprise or end user who subscribes to and uses the cloud-based application or service.

Cloud service provider: The organization that defines, hosts, and delivers cloud computing services to its consumers.

Cloud service creator or developer: The organization or developer who creates and publishes the cloud service on a catalog for consumption.

Out of all the roles across all these organizations, the key roles from an implementation and operation perspective are the following:

Cloud administrator: Performs tasks such as the following:
  Setting up the cloud account(s) for the organization
  Defining the users, teams, and their associated roles
  Allocating or defining the quota for projects and users with the associated charges
  Approving or denying requests for provisioning or de-provisioning cloud resources
  Monitoring consumption by project

Cloud user: Accesses or uses the cloud-deployed applications, services, or provisioned resources (for example, the application, storage, or servers available to them).

There are variations within these two roles depending on the cloud provider and consumer organization design. There is more rationalization of these traditional roles in the modern context. These roles include the following:

Cloud solution architect: The person with the knowledge and skills on how to design applications that can effectively leverage cloud capabilities. They understand specific cloud environments, such as AWS, Azure, IBM, and Google, and leverage their services and technologies to build highly scalable, performant, and available applications.

Cloud DevOps engineer: A cloud user who is primarily responsible for developing the application component or service. The DevOps engineer is also responsible for building the pipeline to deploy, monitor, and operate the service. DevOps speeds up software development and delivery, bringing close collaboration between engineering and operations teams.

Service Reliability Engineer (SRE): Primarily responsible for improving the reliability of services through collaboration with development, proactive monitoring, and optimization of redundancies in operations. SREs are an integral part of modern cloud development teams and are involved in proactive testing, observability, service reliability, and speed.

Security and compliance focal: Core members of the cloud teams who ensure the services are designed, developed, and deployed securely on the cloud. Ensuring services meet regulatory and security compliance requirements is the responsibility of the security and compliance focal. These focals define security policies and procedures, execute audit checks, handle governance related to backup and restore, and automate security and compliance tasks.

Cloud deployment models

Driven by trends in the consumer internet, cloud computing has become the preferred way to consume and deliver IT services. The cloud supports multiple deployment models based on the given requirements. The capabilities delivered by the cloud are accessible via a cloud catalog and categorized based on the IT service delivered. These integrated services or layers of IT-as-a-Service are often referred to as cloud deployment models. The details of each of the cloud deployment models are shown in the following diagram:

Figure 1.3 – Cloud deployment models

The different deployment models are as follows:

Infrastructure as a Service (IaaS): In this service delivery model, IT infrastructure is delivered over the network to consumers. This includes the compute (servers), network, storage, and any other data center resources. IaaS provides the ability to rapidly scale up or scale down infrastructure resources. IaaS consumers can concentrate on deploying and running their software, services, or applications without having to worry about managing or controlling the underlying resources.

Platform as a Service (PaaS): Provides a platform for consumers to develop and deploy their applications. While IaaS provides the infrastructure resources, PaaS provides the programming languages, tools, and platforms to develop and deploy applications. Consumers have the ability to control the deployed applications, operating systems, and environments.

Software as a Service (SaaS): The cloud deployment model where applications and services are made available to clients. In this scenario, customers can use a service without having to worry about the development, deployment, or management of these applications. In the SaaS model, the provider takes care of making the applications available to multiple clients. End users need not install or manage any software on their side and can access the applications through their devices of choice. Popular services or applications provided in the SaaS model are e-mail, ERP, and CRM.

Business Process as a Service (BPaaS): An emerging model on top of SaaS where customers can consume business processes such as accounting and payroll, or HR processes such as travel and expense management, as a service. These business services are accessed via the internet and support multiple subscription plans as advertised by the provider. The consumer can choose from these plans and subscribe to the services based on their requirements.

Cloud delivery models

The support for different delivery models is the critical success factor of the cloud for business. The flexible cloud delivery models or cloud types are shown in the following diagram:

Figure 1.4 – Cloud types (delivery models)

We shall see the various types in detail:

Private cloud: Refers to resource pooling and sharing IT capabilities within the enterprise or behind a firewall. These are often managed privately, run by the enterprise itself, and made available to users on the intranet. A private cloud provides more flexibility to the enterprise in terms of the customization of services. At the same time, a private cloud also drives internal efficiency, standardization, and best practices. Since the resources and management are mostly local or dedicated, a private cloud provides tighter control and visibility.

Public cloud: Refers to a standardized set of business, application, or IT services provided as a service over the internet. In this model, the service provider owns and manages the service, and access is by subscription. Multitenancy is a key characteristic of public cloud services that enables economies of scale. Flexible pay-per-use pricing applies, and greater discounts apply to committed higher usage.

Hybrid cloud: Combines the characteristics and delivery models of both public and private clouds. The hybrid cloud as a solution combines the best of all worlds – on-premises, private clouds, and multiple public cloud services. In a hybrid cloud model, a solution can have components running on-premises on a private cloud or enterprise infrastructure connecting to services running on a public cloud. A hybrid cloud strategy is preferred by businesses, as it provides greater flexibility and resiliency for scaling workloads based on demand at reduced cost.

Multi-cloud: Refers to leveraging services provided by more than one cloud, including the use of private and public services and their integration. A business may have multiple services across IaaS, PaaS, and SaaS provided by multiple vendors. A multi-cloud approach consists of a mix of major public cloud providers or hyperscalers, namely Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft (Azure), and IBM.

Hybrid multi-cloud: If the multi-cloud deployment includes a private cloud or an on-premises data center as well, then the cloud deployment can be considered a hybrid multi-cloud. We also see several variations in the adoption of these cloud delivery and consumption models.

From cloud to hybrid multi-cloud

More cloud service types are emerging and guiding the development of the IT industry. These multiple delivery models can co-exist and integrate with traditional IT systems. The cloud type and delivery model selection depend on the workload and the intended benefits.

The key intended benefits from cloud are as follows:

Speed: The capability to provision on demand and elastically scale computing resources (infrastructure, platforms, software, and business services). This is enabled through an automated, secure, and managed provisioning process. Most cloud computing services are provided through self-service catalogs on demand. A large set of computing resources and environments can be automatically provisioned in minutes instead of having to wait for hours or days. Faster delivery of services is enabled by automation and less human intervention. With proper automation, this ensures fewer errors and the fulfillment of the requested qualities of service or Service Level Agreements (SLAs).

Cost: Enterprises don't have to invest in buying hardware and software for their data centers, nor incur the cost of managing these resources. Depending on the delivery and consumption model, the cost and security of the cloud are defined through a shared responsibility matrix that is documented and reviewed regularly. The cloud provides a way to cut down on the enterprise's capital expenses (Capex) on racks, servers, cooling, electricity, and the IT service professionals who manage the infrastructure. The cloud provides a more efficient pricing model and lowers both capital and operational expenditure.

Flexibility: Businesses need to adjust IT resources based on market demands. They need to balance performance, security, availability, and scale based on business requirements. The cloud provides a seamless and efficient way to manage availability, resilience, and security, with the flexibility to move workloads across on-premises, private, and public infrastructures and services.

Resiliency: Improved risk management through improved business resiliency, along with improved time to market and acceleration of innovation projects. Cloud computing makes data backup, disaster recovery, and business continuity seamless and inexpensive with multiple availability zones on a cloud provider's network.

Efficiency and global scale: The benefits of cloud computing services include the ability to scale elastically. That means rapidly expanding to new geographies with the right amount of IT resources. The cloud not only optimizes IT resources but also frees up time for skilled staff to focus on innovative and future-looking projects. The cloud helps significantly improve energy efficiency through the sharing and optimal usage of resources. Cloud infrastructure and services are upgraded to the latest versions at a faster pace to provide fast and efficient computing hardware and services. This offers several benefits over traditional data centers, including reduced network latency for applications with multiple availability zones and greater economies of scale.

Most enterprises start with something under their control to optimize what is behind their firewalls. So, the initial interest was geared heavily toward private clouds, in both large enterprises and the mid-market. Initially, there was also great interest in public cloud services, especially for infrastructure services. Businesses have become comfortable moving workloads externally as domain applications have become available on the public cloud. This has resulted in a proliferation of hybrid clouds, with the need for businesses to integrate their private environments with public cloud services.

Digitization trends

Enterprises are seeking to get a deeper understanding of their data and provide differentiated, personalized experiences for their employees, customers, and partners. This requires modern applications to be created that are more responsive and can be used by clients across different types of devices. It also requires collecting a lot more data and applying artificial intelligence and machine learning to create personalized insights. This experience must be highly scalable, available, and made available to a large set of users. This means it has to be built and managed on hybrid multi-cloud platforms leveraging an automated DevOps pipeline. We will discuss the impact of this digital transformation across architecture, application, data, integration, management, automation, development, and operations. Security and compliance are important cross-cutting concerns that need to be addressed for each of these areas as part of this transformation.

Application modernization

The key opportunities and challenges with application modernization in the context of hybrid cloud are discussed in the following diagram:

Figure 1.5 – Application modernization

The key trends in application modernization and migration to the cloud are listed as follows:

Cloud-native applications