Anuj Bhalla
VP & Business Head – System Integration, Products & Maintenance Services, GIS
Profitably Managing the Cloud Migration
"The planning and implementation of Identity and Access Management has become a key control in cloud adoption"
Growing concerns in scope and control among Cloud service models
Regulatory compliance is a key concern in public cloud. The cloud consumer has to ensure that controls for compliance are appropriately addressed either by the provider or by including controls for data & applications on the cloud.
Various risks associated with Cloud computing as customers see it
From a customer perspective, the risk lies in the areas of managing multiple Cloud service providers across regions. Adding to it, easy access to own data, audit rights, proper monitoring of Cloud service, data protection, data security & confidentiality and the need for standard/certification are the major areas of concern.
The policy and risk management controls for Cloud
Risk management is about determining the probability and magnitude of uncertain, undesirable events and then using that data to make more informed decisions. For the Cloud, the question is where the risks exist, what they really are, and how to reduce losses and maximize gains from Cloud deployments.
The risks can be controlled by extending Information Security Management System (ISMS) to incorporate Cloud security. Adding to it, segregation of duties, i.e., the concept of having more than one person required to complete a task on Cloud prevents the instances of fraud and error.
Managing identity and access across physical and virtual environments
Cloud is changing the way a business operates, driven by cost efficiencies and economies of scale. However, failure to implement effective security can undermine the benefits of Cloud computing. Identities, trust, authentication and access controls have obtained additional significance. Hence, the planning and implementation of Identity and Access management (IAM) has become a key control in cloud adoption. Ensuring IAM will not only help an organization meet compliance obligations but also ensures optimum cost benefits of the Cloud transition.
A phased approach to deploy IAM for the cloud helps minimize the risks and leverage benefits of the cloud faster: First, Plan – which includes understanding the environment and risk analysis for IAM while moving to the cloud. Next is Design - where IAM framework and architecture for target state and the test plan is created. Additionally, metrics for measuring IAM effectiveness are also defined. Next is Pilot - where the IAM solution is rolled out for a subset of users, and tests related to workflows, connectivity, performance etc are carried out. The final phase is Deploy - that rolls out the full scale deployment for all users.
Effort breakup between phases would depend on the cloud service/deployment model, organization risk appetite, solution complexity and the user base (volume and type of users). However, as a general guidance, we recommend about 30 percent effort for Plan, 45 percent for Design and Pilot, with the remaining effort for Deploy. Due to the evolving nature of the cloud, the Design and Pilot phases typically tend to be iterative with feedback from the Pilot leading to further design updates. Effort for the Deploy phase can be comparatively lower. However, one should factor in some additional effort in Deploy to address risk of any full scale deployment issue.
Managing and monitoring the entire Cloud infrastructure
Whether deploying a private, public, or hybrid cloud, the fundamentals of systems management and monitoring doesn’t change. Cloud operations management requires unified visibility and real-time awareness of the entire cloud infrastructure. Managing cloud infrastructure needs lot of work and constant improvement. Doing that work and learning those skills is probably not central to a lot of businesses today.
Wipro offers a completely managed environment with 24x7 support, ongoing maintenance DevOps and deployment management. It’s everything which enables an organization to successfully deploy applications and services in the cloud with very little work. The approach outlined here however, is intended to provide a high-level guidance to organizations on deployment considerations and steps to follow for IAM, ensuring a process approach that can provide the cost benefit an organization seeks from its cloud migration.