My last few posts have talked about the challenges your customers face in extending security, compliance, governance and risk management as their enterprise IT environments expand into the cloud. I’ve tried to point out the opportunities that exist for IT solution providers in helping customers leverage the economy and scalability of the cloud without losing control of their applications and data.
But for all our preoccupation with the cloud, the reality is that most enterprise environments are and will remain hybrid combinations of physical, virtual, private and public cloud resources. Today, most operations are still heavily concentrated on physical and virtual platforms, and while everyone expects large-scale migration to internal and external clouds, the big move won’t come until CIOs are satisfied that the security and compliance issues are safely put to bed.
So the challenge your customers face today is ensuring security and compliance across a hybrid environment, given the sure knowledge that applications and data are going to move within that environment, at rates that will certainly increase over time.
There are two things to keep in mind here. The first is that identity is the cornerstone of any security and compliance solution. As I’ve said before, no compute environment—physical, virtual or cloud—can be secured unless every participant can be authenticated and authorized, and every access event monitored, logged and reported.
The second thing to understand is that as we begin to decompose large, static systems into more granular, portable workloads, we undermine the longstanding convention that security and compliance are functions of the compute environment. Mobile workloads need to be sufficiently intelligent to pack their own security, and to maintain it wherever we deploy them—or they deploy themselves. That’s the promise of Intelligent Workload Management.
The way to meet security and compliance requirements in hybrid environments is to infuse our workloads with identity and intelligence, so that each one knows its own identity and function, knows where it’s running, can recognize authorized users, knows what policies constrain it, can report significant events and respond appropriately.
The solution provider who can master these skills will find opportunity aplenty in the coming years. All the tools you need are available and your customers are waiting.