Businesses operating in many different industries are required to comply with regulatory standards. The purpose of these guidelines is to protect the privacy and security of transactions that involve sensitive data. In some cases, multiple sets of guidelines must be followed to protect data resources and avoid financial penalties and negative public relations. 

For example, a company operating in the healthcare market in the U.S. has to abide by HIPAA regulations to protect patient data and comply with the PCI-DSS standards regarding credit card information. If they have customers in the European Union, they also need to comply with the EU’s GDPR standards.  

Keeping track of the various standards and ensuring an organization is compliant with them can quickly become very challenging for companies of any size. Larger organizations may have dedicated compliance teams to streamline the process. Smaller businesses often do not have the in-house resources to effectively address regulatory compliance. In many cases, small and mid-sized companies in regulated industries need help to attain and maintain compliance. 

Finding a Compliant Infrastructure in the Cloud 

Public cloud computing vendors make it their business to tailor offerings to directly address customer concerns. The focus on data security and compliance combined with the rise of ecommerce sites that need to protect cardholder data has influenced cloud providers’ service portfolios.  

Companies implementing compliant infrastructure in the cloud stand to benefit in multiple ways from their partnership with a reliable provider. 

Ready-made compliant infrastructure

Cloud providers deliver a compliant infrastructure that companies can use to collect, store, process, and manage sensitive data. The providers should ensure a company has a secure network for transferring data and deploy an intrusion prevention system (IPS) to keep malicious actors away from sensitive data. Maintenance of hardware and software resources is the vendor’s responsibility.  

Cost savings

Building compliant systems from scratch can be an expensive proposition. The availability of on-demand systems from cloud providers reduces capital expenditures. Flexible cloud payment plans enable a business to maintain a compliant infrastructure without breaking the bank.  

Technical expertise

Many small companies and startups need technical resources that are not available internally. Cloud vendors can fill this gap by providing the knowledge and expertise required to keep compliant systems running smoothly.  

Cutting-edge technology

The world of compliance is constantly evolving with new standards being introduced and innovative techniques developed to secure sensitive data resources. The vast resources of public cloud providers enable them to invest in cutting-edge solutions that benefit their customers.  

Organizations that choose to employ cloud resources for regulatory compliance need to fully understand the shared responsibility model that characterizes all areas of cloud computing. In this model, the vendor is responsible for the security of the cloud infrastructure. Customers bear the responsibility for protecting the sensitive data they store in the cloud with activities such as firewall configuration and implementing end-to-end encryption. 

 It can be a daunting prospect for businesses to address compliance requirements. Working with a reliable cloud vendor can alleviate the stress and provide the necessary infrastructure to maintain compliance. It’s another example of how cloud computing can solve companies’ real-world problems.

In the world today, there is significant growth in the remote workforce, which has made moving to the cloud a necessity for almost every business. For small businesses, remote work is an important addition since it allows them to compete with heavyweights. Cloud solutions are incredibly valuable since they allow small businesses with limited infrastructure and staff to access affordable tools to help them do business and grow. As a small business considering a transition to the cloud, you need to understand the benefits you will gain from it. As a small business, here are some advantages that you can get by adopting cloud computing.

1. Provides more flexibility for small businesses

Cloud computing is a solution to the ever-growing bandwidth demands for small businesses. It becomes easy to scale up your capacity with cloud-based services by taking advantage of remote servers. When you have more demands from customers or operations, you can easily increase the bandwidth. It is also easy when you want to downsize or scale down. This kind of flexibility gives businesses a real advantage in improving operational efficiency.

2. Cloud-based services have data recovery

Data loss can be devastating to any business, small or large. The devastation is not only about the loss of files but also the time and money spent while trying to recover them. Investing in in-house data backup solutions is expensive and inefficient for most businesses. However, getting a robust data recovery is ideal. Cloud computing helps small businesses establish the robustness of data recovery methods. Due to the expertise that the cloud-based services have, they can provide fast data recovery after any disaster, including enabling data to be wiped from a stolen laptop.

3. Eliminates tedious software updates

One crucial thing about the cloud is that you do not have the servers within your premises. This means a third party is responsible for the hardware and software and regular system updates. A cloud can also reduce the cost of maintenance by up to 16%. This means that the money saved can be put into other things, such as designing and developing market solutions and interacting directly with the customer.

4. Subscription services ease cash flow management

With the rise in subscription-based business models, small businesses no longer have to invest massive capital in purchasing hardware, software and storage. Rather, they can pay as they go. It is also easy to set up and manage IT projects, which have become a lot friendlier. It has made it easy for small businesses to take their first step toward cloud adoption.  

5. Cloud computing means employees can work from anywhere

Small businesses often lack enough office space or have none at all in terms of internet-based enterprises. With cloud computing, you can work from anywhere as long as you have an internet connection. The most serious cloud services offer mobile apps, and employees will not be restricted by their devices. Considering there are millions of smartphone users globally, accommodating them through mobile apps ensures workers can use whatever device they have in their possession. With this flexibility in working, workers can enjoy a work-life balance that suits them without adversely affecting productivity. According to Gartner, a work-life balance makes employees happy and leads to an organization attracting higher-skilled workers.

6. Collaboration

Collaboration is a key selling point of cloud computing that any business-small or large- can benefit from. When your teams can access documents, edit and share them any time from any location, they can work together. File sharing apps and workflow solutions help teams update in real-time and fully visualize their collaborations.

High-performance computing (HPC) is the ability to process data and carry out complex calculations at fast speeds. An example of HPC solutions is the supercomputer. A supercomputer contains thousands of compute nodes working together to complete tasks in what is called parallel processing. With data, groundbreaking scientific discoveries are made, innovations are fueled, and improved quality of life for many people globally. With HPC, there is a strong foundation of scientific, societal and industrial developments.

As organizations increasingly embrace cloud computing, HPC has become critical in cloud adoption. According to Forrester Research, there are some signs that cloud computing will benefit significantly from HPC. Unlike the traditional HPC, there is a promise of better high-performance computing in the cloud. Although there are many success stories of many industries on the cloud, it is different when it comes to looking at markets that have relied on HPC. With the adoption of the cloud-based HPC, things might take a different turn. For instance, new market entrants will enjoy a competitive legacy over the incumbents who rely on legacy systems just by adopting cloud computing.

Legacy companies have expensive engineering talent that queue to run workloads on specialized high-performance infrastructure. Across all the scientific or science-related sectors of the economy that account for about half of the HPC market, HPC workloads may sit idle in the queue for a long time as they wait for their job to run. For startups, it can be easy for them if they take a shortcut through the cloud, which constantly iterates. With the constraints associated with capital which is a characteristic of startups, cloud-based HPC gives them a chance for survival and success like the established businesses. They need to focus on getting the right engineers and money for their core business operations while not worrying about experts in HPC and infrastructure.

HPC and the cloud

Despite the challenges that legacy systems present, there is hope in cloud-based HPC. Rescale is an example of companies that has taken advantage of cloud-based HPC by creating a brokering middleware business specializing in HPC. This organization, just like its competitors, is bridging the gap between on-premises and cloud worlds with regard to HPC workloads. Cloud offers companies such as Rescale an opportunity to access the optimal resources they need to process HPC jobs and automate their workflows. Furthermore, the cloud gives them real-time granular bookkeeping regarding the details required by the customers.

Why cloud HPC?

The common complaints about engineering organizations regarding HPC include the clusters being tied up, inflexible setup with low automation, lack of a way to add short-term capacity fast, lack of a proper remote visualization, poor collaboration, and lack of qualified personnel or experts. Cloud computing rectifies these complaints in many ways. It increases flexibility and scalability by adding public cloud resources and combining internal resources with private cloud. Furthermore, it increases engineer productivity by running on large on-demand clusters that use parallel computing and performs optimization. Cloud increases accuracy by removing CPU limitations, allowing engineers to use detailed models. It offers access to specialized hardware, including large memory, new processor architecture, and GPUs. The cloud cuts engineering and licensing expenses by reducing computation time, thus eliminating the effort to simplify models to fit the existing hardware limits.

With the brittle HPC systems in place today, there is a need to create a bridge to take advantage of cost savings related to the cloud. The combination of the traditional HPC with the cloud provides the potential to make HPC more responsive to the changing needs of enterprise and elastic infrastructure.

Adopting the cloud for hosting various business data and applications offer various advantages that could not be attained when using the traditional methods. The benefits include easy management, access and scalability. It can also reduce the cost of operations in the long term while enhancing efficiency. With the cloud, companies have managed to embrace digital transformation easily, which was evident during the global pandemic that forced people to work remotely. The cloud’s dependability and flexibility enabled organizations to quickly and easily migrate to remote work at a reasonable cost. However, the cloud also presents certain risks. The risks have traditionally led to the denial of service, data loss, and malware.

Despite the advantages of flexibility, a swift shift to the adoption of the cloud can result in mistakes, commonly referred to as misconfigurations. These are caused by errors or poor cloud service configuration choices. While some people might see the small misconfiguration as a non-issue, simple mistakes can lead to unintended exposure of information and challenges in service delivery.

While they may appear small and avoidable, misconfigurations present significant risks to the cloud environment. It is alleged that 65 to 70% of all security issues experienced in the cloud environment are caused by misconfigurations. These include settings, policies, assets and interconnected services and resources. This is especially challenging considering organizations have been migrating quickly to the cloud as remote work became a new norm. Unfortunately, when organizations start rushing to adopt new technology without understanding the potential problems and configuration best practices, it can lead to unprecedented issues in the end.

As one of the attack vectors, misconfigurations have been identified as the reason behind losses of almost US$5 trillion in 2018 and 2019. In 2020, for example, Estee Lauder records, including user email addresses, audits, production logs and other crucial pieces of information, were exposed. On the other hand, CAM4, an adult website, leaked 10.88 billion records, including users’ personally identifiable information (PII), passwords, and payment logs.

A data breach can be an attack where sensitive or confidential information is lost, viewed or stolen by unauthorized people. Data breaches can lead to various business impacts like damaging the company’s reputation and leading to mistrust, loss of intellectual property to competing companies, regulatory implications, legal and contractual issues and financial expenses.

Inadequate control of change and misconfiguration

Misconfiguration is said to have occurred if computing assets are incorrectly set up, leaving these assets vulnerable to breaches and other malicious activities. Some key examples of misconfiguration include unsecured data storage elements, excessive permissions, inadequate security controls, controls being left disabled, lack of logging or monitoring, unrestricted port access and unpatched systems.

Recommendations for keeping off misconfiguration issues

1. Grant the least-privilege access

Users need to be given only the necessary access or permission they require to operate. Admin privileges should be given only to those who require them.

2. Adhere to the shared responsibility model

When users understand their tasks and responsibilities, misconfigurations reduce the risk of breach. A shared responsibility model will help users understand what they are responsible for and enable the organization to monitor and patch configurations.

3. Educate and train staff

Team members need to learn the importance of proper configurations ad their responsibilities. They should identify insecure practices so that they can promptly report issues. This can only be achieved through education on the threats and misconfigurations they need to watch.  

4. Create and implement security procedures, policies and standards,

Effective and detailed rules, policies, procedures and standards must be identified, defined and implemented to reduce the risk of misconfigurations. These are policies associated with creating and using passwords, encryption, remote access, and database management.

If you work in an IT department or an executive position in an organization, you have probably heard of how enterprises are investing in cloud computing and taking their computer systems and applications to the cloud. As an organization, if you want to transition from on-premises infrastructure to a multi-cloud, hybrid cloud or both of them, you should know that this is the single most significant shift that your company will face.

Whether you are looking to migrate your applications or infrastructure to the cloud or shut down the on-premises data center, here are a few practices you should abide by. 

1. Make a cloud-first commitment

All applications should be moved to the cloud unless there is a compelling reason to remain on-premises. This is what cloud-first commitment means. However, there can be compelling reasons like cost, security or governance challenges and concerns that may force you to keep some applications in a data center within your organization. Ensure that public and private cloud integrates easily. Regardless of the circumstances, prioritize a cloud-first strategy so that you can reap maximum benefits of the cloud.  

2. Understand your cloud economics

Understanding the economic side of the cloud may appear simple. However, most organizations do not take the time to understand the needs of their businesses and what it takes financially to move to the cloud. By building a business case, your organization will gain valuable insights to enable you to understand cloud economics. Understand aspects like current costs, and the cost of the entire package. Other costs like hardware, networking, disaster recovery, downtime, upgrades and service level agreements should also be understood.

3. Decide the cloud services to use

Given the many cloud services available, businesses must identify the ones that suit them and the ones they plan to deploy. This will reduce the chances of running more services than necessary or than can be managed appropriately. Furthermore, it may result in failing to determine the right way which cloud services are best fitted to the workloads. The right services may vary from one workload and business to another. Businesses must generally consider factors like the cost of each type of cloud service, how hard or easy it is to deploy workloads on a cloud service, how a service can be managed and monitored, or the security risks that a particular service can create.

4. Understand what should not be migrated to the cloud

Businesses should know that certain workloads may be better if left out of the cloud migration plans. For instance, applications that depend on local networking configurations can be difficult to replicate in the cloud. Other applications may need direct access to the hardware, which can be difficult to achieve or can be costly to be done in the cloud. Identification of these apps should be made early in the cloud transition. Develop steps for modification of those applications to suit the cloud or commit to keeping those apps out of the cloud.

5. Find out security risks

Migrating to the cloud is not free of security challenges. Therefore, before migrating your data, applications and infrastructure, ensure you know that the cloud can be a source of various concerns. Because of the connection of the cloud to the internet by default, it can be easy for attackers to locate and exploit weaknesses in cloud resources. The complexity of the cloud and possible misconfigurations that emerge from it, like allowing public access to sensitive storage, can have unprecedented implications concerning security. Therefore, you must assess how to mitigate the identified security risks as part of the cloud transition plan.

Excited for your doctor to resemble a robot in a sci-fi movie? With the arrival of cloud computing into the healthcare industry, not only are robots on the way, but automated, internet-connected medical solutions are already a reality. Cloud connectivity within healthcare connects, synthesizes, and analyzes health-related data within the cloud — and delivers it to the provider or the consumer. 

Connecting to the cloud  increases efficiency, enhances privacy, reduces costs, and even saves lives. The cloud’s influence on healthcare is made clear when you consider that the global cloud computing market for healthcare is growing by 20% a year. 

Check out five of the ways that cloud computing is creating better healthcare.

Remote Surgery Performed Around the World

With new technologies that provide hyper-low latency, tele-surgery is now a reality. Instant signal transmission and VR advancements enable surgeons to operate remotely, safely and  globally. Patients who live in remote areas can have access to the same medical care as those who live in a city.

IoT Connected Medical Devices React Instantly

IoT-connected medical devices have revolutionized personal healthcare.These instruments track patients’ health 24/7 and react instantaneously to any issue by constantly sending the patient’s data to the cloud, where the information is stored and connected to relevant medical professionals.

Smart Ambulances Provide Treatment En Route

Countless lives are lost in the ambulance between the home and the hospital. Smart ambulance technology can reduce these casualties. EMTs could communicate with ER doctors in real time, using VR technology to transmit patient information and administer treatments. 

Electronic Patient Records Improve Medical Practice 

Healthcare centers now store their patient data on the cloud, as it’s simple and forms a virtual shared network. Doctors can see the medical history of each patient, even if they were under the care of a different doctor. 

Preventing Global Health Crises with De-identified Data

Digital medical data can be anonymized and analyzed. Cloud computing allows for this data to be compiled and used to create powerful algorithms. These algorithms can learn to diagnose illnesses or track epidemiological trends, hopefully preventing another global pandemic.

Bringing the cloud to the realm of healthcare has enormous potential. There are many innovative cloud solutions with the power to both reform the healthcare system and save human life. Ridge’s distributed cloud, with its hyper-low latency and endless scalability, as well as its ability to run workloads on any infrastructure in any edge location, is uniquely prepared to support cloud computing in healthcare.

 “There is no business strategy without a cloud strategy”. So said Gartner in a recent symposium. By 2025, over 85% of organizations will embrace a cloud-first approach and will not be able to fully execute on their digital strategies without the use of cloud-native architectures and technologies. 

But as more and more workloads move to the cloud, businesses are realizing that no single static cloud architecture offers consistently great application performance for all users. There is a clear need in the market for a flexible cloud that can be rapidly adapted to specific needs.

There are many reasons why centralized cloud infrastructure is not appropriate for some businesses: 

For some, it’s about where their data resides. For others, it’s their preference for maintaining existing commercial arrangements. For still others, it’s about governance and regulations. And for applications with strict response time requirements — such as AR, telemedicine, and robotics —it’s latency and throughput which can’t be effectively supported by a data center, even if operated by a hyperscaler, if it is located many miles away.  

Flexible Does It  

After more than a decade in which cloud computing was synonymous with a large public cloud, businesses are discovering that one size does not fit all. A desired computing strategy may be partially on-premises, partially bare-metal, and partially co-located, but also fully hybrid across multiple continents. These application owners need a cloud provider that offers architectural flexibility to build a cloud customized for their needs. 

To address this demand, a new cloud paradigm has emerged: the Unified Distributed Cloud (UDC), in which workloads can be spun up in 1000s of locations across the globe. In this architecture, existing local data center and on-premises capacity is transformed into modern PaaS offerings, such as managed Kubernetes and object storage. 

Until now these modern, cloud-native services were only available from the hyperscalers. No longer. On the Unified Distributed Cloud, application owners can enable desired configurations and states to be implemented on physical resources anywhere they need them to run. This is accomplished programmatically through modern APIs, allowing business-critical applications to run in specific locations.

Love the Cloud You’re With

A UDC enables computing resources to be wherever you need them to be. Whether the need  is for proximity, commercial reasons, or data constraints, in all cases cloud workloads will seamlessly mesh with existing infrastructure. It’s the best of two worlds: the agility and ease-of-use of the public cloud together with the high performance, high throughput and full data control of localized infrastructure.  

A UDC is designed to be fully interoperable with any private, hybrid, or multi-cloud architecture. As a result, enterprises can create an optimized cloud computing strategy, taking advantage of existing and available infrastructure in the location — or multiple locations — of their choosing.  

Think Globally, Cloud Locally

As an alternative to the traditional public cloud model, the UDC enables application owners to utilize a global network instead of relying on compute resources in a specific location. Interoperability with existing infrastructure empowers enterprises to deploy and infinitely scale applications anywhere they need. While the large public cloud benefits from economies of scale, a UDC takes advantage of the economies of locality and distribution. 

With the growing adoption of cloud-native applications to serve new markets, the Unified Distributed Cloud’s flexibility helps businesses customize a cloud strategy which is right for them.

Jonathan Seelig, is co-Founder and Executive Chairman of Ridge, the world's most distributed cloud. He works with early-stage technology companies as an investor, advisor, and board member. He was previously co-founder of Akamai, the world’s first CDN. Mr. Seelig is a frequent speaker at cloud industry events.

Cloud computing is a technology that almost everyone has come across these days. If you have been following up on the tech trends, you have probably heard about cloud computing and its potential to alter the business landscape for the better. The growth of cloud computing has helped businesses achieve immense benefits, accomplish various objectives faster and gain a competitive advantage in the market. As such, if you are a business owner, you should consider integrating it into your organization for the success of your business. Although it is easier said than done, the success of the cloud depends on how it is well integrated into your operations. Here are some tips on how to implement cloud strategy in your business.

1. Understand the needs of your company

Cloud computing services come in different types. They include infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). Since all of them work differently, the choice of the type of service depends on your requirements. You can only find this by asking yourself questions like how do you want to use cloud computing? Do you need it in all your business processes, or do you want to use it in a particular segment? You must answer these questions satisfactorily before you start integrating cloud computing into your operations. The answers will help you find out your needs so that you can identify the type of cloud service you need. 

2. Understand the uses of cloud computing technology

For many organizations, technology is mainly used to secure and speed up the provision of services. For the cloud, however, its most common use is storage. With such storage space, businesses can access data from anywhere with internet access. Furthermore, files can be transferred, and teams can work from anywhere, as long as they are connected to the internet. It is good to understand what cloud computing can do for your organization and understand how it works before implementing it. If possible, compare the cloud services and understand areas that do not need them. 

3. Familiarize your employees with the cloud technology you are adopting

Since the decision to integrate the cloud in your organization is a major change, it requires the input of everyone in the business. Therefore, you need to bring your employees on board and ensure they understand what you want to do. Let them raise their concerns or share their ideas on the matter. Also, provide education on cloud technology to ensure that the transition to the new system is seamless and smooth. Inform your team about migration plans and explain to them their duties and how they will benefit from the changes. 

4. Understand the risks

Although the cloud has been lauded by many for the potential advantages to businesses, it also has various risks that need to be understood by everyone before integrating it into a business. Therefore, as you look forward to taking advantage of this technology, it is crucial to understand the risks you may face before integrating it. By reviewing all the possible risks, you can come up with a plan to prevent them later. The key concern is data security. Considering the cloud depends on the internet, it is always a challenge to maintain the integrity of systems at all times. Although most cloud service providers do their best to ensure that data is secured all the time, you as a customer must understand the potential challenges and act responsibly at all times. Always backup your data and site within the cloud as a mitigation measure against security breaches or corruption of data. Allow a few trusted employees to access the systems so that the data can remain safe

According to Tech Target, the cloud offers great business continuity.                                                           

Data protection and business continuity offerings were once only financially accessible to large companies that could afford to construct a secondary data center.

Read the article Tech Target

JupiterOne, a cloud-native cyberasset attack surface management provider, has raised over $70 million in series C funding, reports VentureBeat.

 Today, cloud-native cyberasset attack surface management (CAASM) provider JupiterOne announced it has raised $70 million as part of a series C funding round, bringing the company’s total funding raised to over $119 million, and its estimated valuation to more than $1 billion.

Read the article VentureBeat

AWS remains the top public cloud service, reports SDX Central.

Amazon Web Services (AWS) maintained its domination of the global public cloud services market in terms of market share and revenue growth in 2021. 

Read the article SDX Central

Informatica has rebranded itself for the cloud, reports SiliconAngle. 

People have long regarded Informatica Inc. as a stodgy provider of extract, transform and load or ETL services, proficient at moving data from mainframes to data warehouses, but not much else.

Read the article SiliconAngle

The big cloud providers all want your business and are constantly rolling out new offerings designed to attract and retain customers. In this article, we are going to look at some of the flagship products and services available from the largest public cloud vendors ranked by revenue in mid-2021 as determined by Statista. 

Microsoft Azure

Azure is the leading cloud vendor based on revenue and offers a wide variety of products and services addressing the needs of small, medium, and large businesses. The company has capitalized on the installed Windows operating system customer base and prioritizes integration with legacy systems.  

The combination of legacy support and cutting-edge tech logic make Azure a viable choice for enterprises migrating workloads to the cloud or operating hybrid environments. Cloud-managed instances of the popular SQL Server relational database provide just one example of the specific solutions available from Azure.

Amazon Web Services (AWS)

Amazon may lack the enterprise relationship onramp enjoyed by Azure but makes up for it with its constant innovation and quality of its products and services. Some of its distinctive offerings include its analytics and data lakes, machine learning, and extensive storage options for everything from disaster recovery to long-term archiving.  

Amazon offers free trials of many solutions such as Amazon Lightsail, used to launch and manage virtual private servers, Amazon EC2, providing virtual cloud servers, and SageMaker, to build and train machine learning models. AWS is also the only major cloud provider to offer macOS virtual server support. 

IBM Cloud

The offerings of the IBM cloud are tailored to meet the needs of the company’s large and medium-sized enterprise clients. IBM concentrates on PaaS and IaaS solutions. Acquiring Red Hat in 2019 demonstrates a commitment to an open and hybrid approach to cloud infrastructure. 

IBM’s cloud offers extensive analytics, artificial intelligence, and machine learning solutions that make use of the company’s Watson supercomputer.  As hybrid environments continue to propagate throughout the IT world, IBM’s migration and management tools provide customers with a viable path when moving from on-premises data centers to the cloud.   

Salesforce

Some readers may be surprised at Salesforce’s inclusion in the top cloud vendors, but the company’s array of SaaS solutions is impressive. From its beginnings as primarily a customer relationship management (CRM) solution, Salesforce has expanded its offerings to encompass many cloud-based enterprise software solutions.  

Its Slack-first Customer 360 combines sales, service, marketing, commerce, IT, and analytics solutions to provide small and large businesses with an innovative way to work while employing digital workflows. Salesforce concentrates on SaaS offerings and is not the right cloud vendor if you are looking for cloud storage or infrastructure solutions.  

Google Cloud Platform

Google’s cloud strategy strongly supports cloud-native solutions based on open source and open systems. This makes it attractive to companies looking to add specific capabilities to multi-cloud environments. Google offers machine learning support with vision, speech, and natural language APIs. Google’s advanced technical capabilities make it a viable choice for solutions in the field of data analytics, AI, and machine learning. 

This is just a sampling of the incredible diversity of cloud offerings available to customers in 2021. Virtually any organization can find a solution that helps them meet their business objectives. It’s just a matter of selecting the right cloud.

According to the Register, Microsoft testified to a House Committee that it receives numerous secrecy orders per day.

The US House Committee on the Judiciary met on Wednesday to hear testimony on the government's practice of secretly subpoenaing cloud service providers, and Microsoft was happy to oblige.

Read the article on The Register

Organizations that choose to take advantage of public cloud services often find themselves with their resources spread amongst multiple vendors. This situation can arise for several reasons including:

• The evolution of enterprise workloads and the search for the most cost-effective solutions;
• Sprawl resulting from the ease with which departments can migrate systems;
• New offerings not available from current vendors;
• Simply being dissatisfied with a service or vendor and riding out the length of the contract.

Regardless of the underlying factors that led to a multi-vendor cloud environment, its management presents decision-makers and technical support staff with additional layers of complexity. Adopting a set of best practices will help organizations successfully implement a hybrid and multi-vendor computing environment. 

The following best practices will assist in the successful management of a multi-cloud environment.

• Use hybrid cloud management tools - Make use of hybrid cloud management tools to address multi-cloud environments. These tools can provide features such as self-service functionality for end users, service aggregation, deployment orchestration, and cost management. 

• Optimize costs across vendors - Companies should regularly review the comparative costs of their various vendors and be willing to migrate if a move is dictated by the economics. Cloud service brokers may be able to evaluate resources and suggest ways to optimize spending. 

• Focus on disaster recovery and reliability - Recovering a diverse multi-cloud environment in a disaster scenario demands a well-planned and documented strategy. Leveraging cloud vendors may be possible by backing up resources from one to the other. 

• Prioritize security and compliance - Ensuring data security and compliance is more challenging in multi-cloud implementations. Identity and access management (IAM) tools are necessary to ensure only authorized users can get to data resources. Customer and vendor roles regarding maintaining regulatory requirements need to be fully understood to avoid gaps and failed audits.  

Concentrating on these four areas will help organizations manage their multi-cloud environments.  

Using the Right Tools Matters

Commercial and open source software tools are available to assist in the management of multi-cloud environments. These applications focus on big picture items that affect the entire cloud infrastructure and help decision-makers identify the right solution from among the alternatives and keep the complex environment running smoothly. 

Morpheus is a commercial product providing integration and automation functionality across multiple clouds and on-premises environments. It is designed to facilitate compliance, cost optimization, and application modernization.  

OpenStack is an open source solution that offers a set of software components providing common services for cloud infrastructures. It enables large pools of cloud resources to be managed centrally through dashboards or APIs. 

On a more granular scale, dedicated tools can help minimize the strain on technical support teams when systems are spread across multiple on-premises and cloud platforms. A case in point is an application like Idera’s SQL Diagnostic Manager for SQL Server. It employs a unified interface from which to monitor SQL Server performance on physical and virtual machines located on-premises or housed with major cloud vendors. 

The potential benefits of multi-cloud environments can outweigh the challenges of dealing with their complexity. Following some basic best practices and deploying the right tools will enable organizations to take advantage of the offerings of multiple cloud vendors without incurring any undue risks. 

Taking advantage of the benefits of cloud computing is not restricted to organizations operating in the private sector. In the United States, local, state, and federal governments make extensive use of public cloud resources. As is customary for all types of government contracts, some assessments and approvals must be obtained before the offerings of a cloud service provider (CSP) can be used by specific agencies. Government contracts can be very lucrative and service providers who want a piece of the business need to demonstrate that their products meet all requirements surrounding security and functionality.

All CSPs that wish to do business with the U.S. federal government need to be assessed and approved by the Federal Risk and Authorization Management Program (FedRAMP). The program’s goal is to protect the data of U.S. citizens when it is in the cloud and is the most rigorous security framework in use by the government. 

FedRAMP was created to address the problem of different and potentially conflicting requirements for each agency working with cloud providers. FedRAMP provides standard security baselines and processes that simplify the process of obtaining cloud services for both providers and government agencies. Once a CSP achieves FedRAMP approval for an offering, it is listed in the FedRAMP Marketplace to gain visibility across the government.

Navigating the FedRAMP Authorization Process

CSPs that want authorization to provide services to federal agencies need to follow a process comprised of three complementary phases.

In the pre-authorization phase, CSPs should complete FedRAMP training which includes modules that define the baseline security plan. Education can be accessed via online courses, webinars, or in-person training events. A request from the CSP will result in a consultation with government subject matter experts set up by the FedRAMP Program Management Office (PMO). To successfully get through this phase of the authorization process, a CSP needs to: 

• Document agency interest in their offering and establish partnerships with agency customers.
• Establish a partnership with an approved third-party assessment organization. 
• Ensure that the service implements the required security controls.

During authorization, a CSP is responsible for developing a package that includes the completion of the System Security Plan. The plan is then assessed by the third-party assessment organization and findings are presented to the CSP for remediation. When all risks have been successfully addressed, the CSP attains authorization and status as a FedRAMP authorized vendor.

In the post-authorization phase of the process, the CSP is required to provide monthly monitoring deliverables to the agency using its service. Failure to provide these documents can result in the service losing its authorization.

The purpose of FedRAMP is to eliminate any confusion regarding the ability of individual agencies to use cloud services. By publishing authorized services on the FedRAMP Marketplace, the authorization process only needs to be done once for each offering. Once approved, it can be used with confidence by any federal agency that wants to use the service. 

This appears to be an example of government working efficiently by reducing the duplicate work that would ensue from individual agencies or departments authorizing CSPs. In a subsequent post, we will take a closer look at the FedRAMP Marketplace and the agencies that use its authorized services.