Hybrid Cloud Systems Management: Four Processes to Prioritize

The appeal of cloud computing is financial: rather than buying infrastructure, you rent it. The problem with this ‘financial solution’ is that it distracts the cloud user from the systems management responsibilities that remain after moving applications out of the enterprise.

IT Operations performs many tasks to keep things running smoothly in the data center, whether it is local, remote, virtual, or cloud-based. The IT Infrastructure Library (ITIL) defines roles and responsibilities by focusing on critical processes within infrastructure and operations. To manage a hybrid environment effectively and get the most out of their investment in the cloud, organizations should prioritize four critical processes:

  • 1: Performance Management and Capacity Planning

Performance management has a long history in computing. Early machines were constrained in every dimension – processing power, addressable memory, I/O speed, storage space, and cooling capacity (due to electricity consumption).

Although the cloud has significantly increased available resources, the organization’s services and applications still require monitoring to sustain acceptable levels of performance. In the cloud, applications can use far more resources than they need – but that elasticity is not free. Performance management tracks real-time resource use to alert the business to wasteful design or faulty implementation.

Having sufficient utilization data also informs capacity planning, which seeks to project future consumption and guide future spending. The value of this function in the cloud is similar to the days when companies dealt primarily with physical infrastructure. The cost of capacity planning (training, tools, and monitoring) is offset by the savings in future technology acquisitions.

With physical infrastructure, the cost of overestimating capacity requirements is small compared to the financial penalty for underestimating them and finding that the company must initiate a new buying cycle for brand new gear. The same rule applies to cloud. Be wary of ‘too good to be true’ deals on capacity that cover multi-year acquisitions. Getting more than you need up front may save you from expensive elasticity later.

  • 2: Change Management 

Organizations need to know what programs and services are in development at any point in time. Well-managed IT organizations have effective processes to introduce new functionality and fixes into their production environment. However, the business’s need to do this faster does not mean abandoning controls.

As the software development lifecycle evolves, appropriate controls must also evolve to preserve the integrity of the production environment. If the path that code takes to get into production is adequately monitored, it need not introduce unreasonable delay.

When a problem occurs, troubleshooting will require a snapshot of the environment. Correcting the defect will require reasonable audit controls and a reliable process for updates. Effective change management policies help ensure that only the most reliable code makes it into production, and that problems can be resolved quickly and effectively.

  • 3: Contract Administration 

Cloud services are very easy to buy, and so inexpensive that users can purchase them without going through any procurement oversight. This can introduce unknown attack surfaces into the environment. Enterprise leadership should develop a policy stating that cloud acquisitions must be vetted.

The information security team must also support such vetting so that the exercise doesn’t become meaningless. An understaffed effort will lead to one of two outcomes: either the review is trivial and approved, or it is trivial and is disallowed.

In the case of the former, the information security posture of the organization is weakened due to a lack of thorough, knowledgeable review of the services in question. The latter will often lead to the employee simply proceeding anyway without approval. It’s therefore critical to administer contracts in a way that balances business needs with security.

  • 4: Configuration Management

Configuration management governs the arrangement and planning of IT infrastructure components, both physical and logical. This discipline has grown more important as organizations use distributed resources supporting business initiatives.

Maintaining an effective software asset management database provides three key benefits: First, you will know what your current and planned spending are. Second, you will know if an insecure production component is installed in your environment. Third, it provides the ability to assess the unused capabilities in the current production suite when considering acquiring new products. Studies consistently show that most organizations use less than one third of the capabilities of their currently installed software. Effective software asset management can help the organization get the most out of its technology investments.
