Public clouds such as Amazon Web Services (AWS) offer the ease and flexibility of adding and removing resource capacity as needed. This is a vast improvement over on-premises data centers, which are usually either under- or over-capacity, costing enterprises valuable opportunities and capital.
But even with the simplicity of the cloud, there are still a great number of challenges in managing AWS at scale. Capacity aside, managing workloads and resources is a daunting task that still consumes significant staff time and budget. Worst of all, resources that are not managed properly create security gaps, exposing the enterprise's data to the wrong employees or customers, or to attack by malicious parties. Let's explore these challenges.
Losing visibility: Enterprises aren't just spinning up a few resources in the cloud. Massive amounts of data and processing run within the cloud infrastructure. Enterprises keep finding new ways to advance their business model by using the cloud, but it is easy to lose track of which resources exist, and where. After a while the list of resources grows so long that it is nearly impossible to keep track of them all, resulting in stale resources, excess capacity and potentially unauthorized instances in the cloud. An instance nobody remembers is also an instance nobody patches or monitors.
Patching: As an enterprise updates, changes and improves its software, patches carry those changes onto every instance the application runs on. The challenge at scale in a cloud environment is ensuring the rollout reaches all resources, in all accounts and regions around the world, when there may be thousands of resources that may or may not be affected by a given patch. AWS does not patch customer-managed instances on its own; under the shared responsibility model, patching the operating system and software on an instance is the customer's job. Without an inventory-driven patching process that targets every instance, patches have to be applied resource by resource, and any that are missed leave portions of the application out of date and still exposed to whatever the patch fixed.
Monitoring: AWS has built-in features that can help enterprises monitor their infrastructure. The challenge is configuring and tuning those tools for the specific needs of the organization so that they are applied consistently across the environment. Notifications can be configured to alert teams of important changes, but when alerts fire too often employees grow numb to them, and the alert that matters, such as an outage or a policy violation, is the one that gets missed.
Cost Tracking / Budget Forecasting: Bills can grow, and grow, and grow as the company is expanding. Gartner Research found that public cloud bills are 2-3x customers’ expectations.
Another element of cost is the steady stream of new offerings from cloud service providers. Developers or staff sometimes want to try these features quickly and do not tell anyone, because the cost is cheap, for now. If any of those trial instances is forgotten it creates unexpected costs that management may never identify. The enterprise finds itself paying for capacity it never approved or has forgotten about.
Security: AWS does have tools in its platform to keep the cloud secure and protect against data breaches. A compromise of AWS itself is far less of a concern than spinning up resources without the proper policies applied, and under the shared responsibility model that configuration is the enterprise's responsibility, not AWS's. Shadow IT, and cloud resources provisioned by employees finding new and innovative ways to advance the infrastructure, can lead to some of the greatest risks. Without knowing the enterprise's standard practices and its stance on policy enforcement, employees can unintentionally create gaps in the cloud that leave the enterprise vulnerable.
Provisioning and Deployment: Self-service, on-demand provisioning of enterprise cloud infrastructure can quickly grow out of control, reaching thousands of resources across multiple accounts and regions. With that many provisioning events taking place, some of those resources will violate the policies the enterprise has in place. Resources can be spun up in the wrong geographic location, with the wrong permissions, at the wrong capacity and more. Checking each individual event against policy by hand does not scale and will ultimately lead to errors.
Educating Employees: Let's face it, human error is an unavoidable risk in any human enterprise. User mistakes can be the reason for a security breach, or the reason a resource is spun up, forgotten and left costing the enterprise money. But fearing human error is an inefficient practice. Enterprises do not want to be in the business of babysitting their technical and business staff. Using employees' full talent and abilities means giving qualified personnel access and letting them make full use of the cloud. Nevertheless, enterprises want to limit how often employees create resources that do not align with enterprise policies.
Event-Driven Automation is Key
For each of these cases, automated policy enforcement is necessary to realize the full benefits of the cloud. Event-driven automation lets organizations define policies that apply across some or all resources and, when a matching event occurs, trigger a notification or immediate action to resolve the issue.
Making sure these responses are timely is also a major consideration. The goal is consistency: the point at which policy is applied and enforced uniformly against existing and future resources. The question the company needs to ask is: what window of time is acceptable before a resource is brought back into compliance? Spinning up a resource on the other side of the world may be an event that does not require immediate attention, but opening a security group to the whole internet in a production environment needs to be addressed almost instantaneously. The enterprise then writes a policy that states that timing, and applies it through a cloud management solution that resolves the problem within that window.
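The tiered response just described, and the provisioning checks from the Provisioning and Deployment section above, can be expressed as a small policy engine over CloudTrail records. The following is an added example, not code from the original post or from any vendor's product: each policy names the API call it watches, a predicate on the event, the environments it covers, whether to notify or remediate, and the window in which the action must complete. The account-to-environment map, the approved-region list, the account IDs and the sample events are constructed for the example; only the record layout follows CloudTrail's EC2 `requestParameters` format. For the production rule the engine also computes the exact `RevokeSecurityGroupIngress` parameters needed to undo just the world-open rules, which is what an actual remediation step would pass to the EC2 API.

```python
"""Event-driven policy enforcement over CloudTrail-style events (added example).
Each policy names the API call it watches, a predicate, the environments it
covers, notify vs. remediate, and the window in which the action must land.
Account map, approved regions and sample events are constructed for the example."""
from dataclasses import dataclass
from typing import Callable

ANY_IPV4, ANY_IPV6 = "0.0.0.0/0", "::/0"
APPROVED_REGIONS = {"us-east-1", "eu-west-1"}                              # assumption
ACCOUNT_ENV = {"111111111111": "production", "222222222222": "sandbox"}   # assumption

@dataclass(frozen=True)
class Policy:
    name: str
    event_name: str
    matches: Callable[[dict], bool]
    environments: frozenset   # empty = applies in every environment
    action: str               # "remediate" or "notify"
    window_seconds: int       # acceptable delay before the action must complete

@dataclass(frozen=True)
class Decision:
    policy: str
    action: str
    window_seconds: int
    details: dict

def _world_open_ranges(perm: dict):
    """IPv4 and IPv6 ranges in one ipPermissions item that admit the whole internet."""
    v4 = [r for r in perm.get("ipRanges", {}).get("items", []) if r.get("cidrIp") == ANY_IPV4]
    v6 = [r for r in perm.get("ipv6Ranges", {}).get("items", []) if r.get("cidrIpv6") == ANY_IPV6]
    return v4, v6

def opens_to_world(event: dict) -> bool:
    items = event.get("requestParameters", {}).get("ipPermissions", {}).get("items", [])
    return any(v4 or v6 for v4, v6 in map(_world_open_ranges, items))

def outside_approved_regions(event: dict) -> bool:
    return event.get("awsRegion") not in APPROVED_REGIONS

def revoke_params(event: dict) -> dict:
    """Parameters for a RevokeSecurityGroupIngress call that undoes only the
    world-open rules from the event; other rules in the same request are kept."""
    params = event["requestParameters"]
    perms = []
    for perm in params["ipPermissions"]["items"]:
        v4, v6 = _world_open_ranges(perm)
        if v4 or v6:
            perms.append({"IpProtocol": perm["ipProtocol"], "FromPort": perm.get("fromPort"),
                          "ToPort": perm.get("toPort"),
                          "IpRanges": [{"CidrIp": r["cidrIp"]} for r in v4],
                          "Ipv6Ranges": [{"CidrIpv6": r["cidrIpv6"]} for r in v6]})
    return {"GroupId": params["groupId"], "IpPermissions": perms}

POLICIES = [
    # Internet-facing rule in production: reverted within a minute, not merely reported.
    Policy("prod-sg-open-to-world", "AuthorizeSecurityGroupIngress", opens_to_world,
           frozenset({"production"}), "remediate", 60),
    # Same rule in a sandbox: the owner is told, and an hour is acceptable.
    Policy("sandbox-sg-open-to-world", "AuthorizeSecurityGroupIngress", opens_to_world,
           frozenset({"sandbox"}), "notify", 3600),
    # Instance in an unapproved region: a next-day notification, in any environment.
    Policy("instance-outside-approved-regions", "RunInstances", outside_approved_regions,
           frozenset(), "notify", 86400),
]

def evaluate(event: dict, policies=POLICIES) -> list:
    """One Decision per violated policy, carrying what the notifier or remediator needs."""
    env = ACCOUNT_ENV.get(event.get("recipientAccountId"), "unknown")
    out = []
    for p in policies:
        if p.event_name != event.get("eventName") or not p.matches(event):
            continue
        if p.environments and env not in p.environments:
            continue
        details = {"environment": env, "region": event.get("awsRegion"),
                   "principal": event.get("userIdentity", {}).get("arn")}
        if p.action == "remediate":
            details["remediation"] = revoke_params(event)
        out.append(Decision(p.name, p.action, p.window_seconds, details))
    return out

# Constructed sample records; the layout follows CloudTrail's EC2 requestParameters.
def _sg_event(account, region, rules):
    return {"eventName": "AuthorizeSecurityGroupIngress", "awsRegion": region,
            "recipientAccountId": account,
            "userIdentity": {"arn": f"arn:aws:iam::{account}:user/dev-alice"},
            "requestParameters": {"groupId": "sg-0123456789abcdef0",
                                  "ipPermissions": {"items": rules}}}

SSH_FROM_ANYWHERE = {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                     "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}, "ipv6Ranges": {}}
HTTPS_FROM_VPC = {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                  "ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}, "ipv6Ranges": {}}
EVENT_PROD_OPEN_SG = _sg_event("111111111111", "us-east-1", [SSH_FROM_ANYWHERE, HTTPS_FROM_VPC])
EVENT_PROD_PRIVATE_SG = _sg_event("111111111111", "us-east-1", [HTTPS_FROM_VPC])
EVENT_SANDBOX_FAR_INSTANCE = {"eventName": "RunInstances", "awsRegion": "ap-southeast-2",
                              "recipientAccountId": "222222222222",
                              "userIdentity": {"arn": "arn:aws:iam::222222222222:user/dev-bob"},
                              "requestParameters": {"instanceType": "m5.large"}}
```

Calling `evaluate(EVENT_PROD_OPEN_SG)` yields a single remediate decision with a 60-second window and the revoke parameters for the SSH rule only; the private HTTPS rule in the same request is left alone, and `evaluate(EVENT_PROD_PRIVATE_SG)` yields nothing, which is the false-positive case a real rule set has to get right before anyone lets it revoke rules automatically. The same security-group change in the sandbox account produces a notify decision with an hour to act, and the instance launched in ap-southeast-2 produces only the next-day region notification. In production the event source would be CloudTrail delivered through EventBridge and the remediation would call the EC2 API with the computed parameters; that wiring is deliberately left out so the policy logic can be run and tested offline.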
Migrating to the cloud brings a number of challenges, all of which can be met with the appropriate vendor partnerships. AWS can be leveraged to advance enterprise goals and reduce costs, but doing so manually borders on the impossible. A third-party cloud automation platform can apply active policies so enterprises can focus on their business and not on the mechanics of running the cloud.
For more information check out these blogs: