Key considerations in moving apps to the cloud
- By Peter Kersten
Government agencies are increasingly following a multicloud approach to application deployment, with most pursuing a best-of-breed strategy for each application deployed. Fifty-seven percent of public-sector respondents to the fourth annual F5 State of Application Delivery survey said they make their cloud decisions a case-by-case, or per-application, basis.
Selecting the right cloud environment for a particular application offers many benefits but some challenges as well. It requires agencies to ensure their distributed application portfolios all have access to security and high-performance resources.
Although that approach is common in on-premises environments, maintaining those resources is more difficult when applications reside in hosted locations. Fortunately, there are some steps agencies can take to ensure optimal performance and security when deploying apps in a multicloud world.
Understand the X in “X as a service”
In moving to the cloud, whether public or private, on-premises or off, most agencies are contracting for a service. But many do not understand the distinctions between infrastructure-as-a-service and software-as-a-service offerings. They are two very different things, and each poses unique challenges.
IaaS involves moving applications from one in-house computer to another at the hosting site. But just because infrastructure resides in the cloud does not absolve federal IT managers of the onus of managing that infrastructure. The only difference is that with IaaS, it needs to be done remotely, which can be difficult for professionals who are used to having everything in their immediate environment.
SaaS involves handing the application over to the cloud provider and letting the CSP run with it. However, many agencies are loathe to cede complete control of their applications, which is what a sound SaaS solution requires. Federal IT professionals must be comfortable with letting the cloud provider assume a level of control over agency applications. As such, working with trusted providers is absolutely essential.
Before pursuing an IaaS or SaaS strategy, it is important to understand the implications of each. Administrators must weigh the benefits of having complete control of their agency’s data and infrastructure versus having them run on a service. Taking their hands off the wheel and giving someone else control can be a difficult transition for some IT professionals.
Keep security front of mind
Cloud-hosted applications offer many benefits, from cost savings to flexibility and scalability. It is important to keep in mind, however, that the cloud is not a panacea, and planning and coordination is required to maximize those benefits, especially when it comes to security.
The cloud by its nature is a shared security model. The physical security, storage, virtualization layers, and network security are the responsibility of the cloud provider. However, the data, operating system and application layer security are the responsibility of the customer.
The nonprofit Open Web App Security Project issues an annual list of top 10 threats to web application security. Federal agencies should consider a web application firewall to mitigate attacks to applications that are not stopped by traditional firewalls. Advanced WAF solutions can block zero-day application layer vulnerabilities and the top 10 OWASP attacks; they can also defend against advanced botnet and malware attacks as an integral component in any application being deployed to the cloud.
Automate wherever possible
Reducing operational costs is hard to achieve when technical and architectural debt is accumulating from the maintenance of multiple frameworks, tools and systems. This is where automation, accompanied by orchestration, helps the transition from legacy environments to the cloud. And it is a big help with security and access management. Orchestration can enable automation by allowing administrators to arrange and coordinate certain tasks, thereby creating a consolidated process or workflow.
Agencies should consider gateway application services to help with automation. These support applications – like application programming interfaces -- bridge the gaps between existing and emerging protocols and technology. In our survey, nearly three-fourths of government respondents (73 percent) said an API-enabled infrastructure is needed to facilitate deployment automation.
The benefits from relocating to the cloud are well recognized: the opportunity to cut costs, move IT expenditures from CapEx to OpEx budgets and scale in response to user needs, to name a few. Investing the time up front to plan the move, from assessing the best type of cloud for each application to laying out the timeline and process flow, will go a long way toward helping agencies achieve their digital transformation.
Peter Kersten is vice president F5 Federal.