In fact, security fears still play a big part in many companies’ hesitancy over cloud migration. According to research by KPMG, 46% of businesses that have not yet adopted cloud infrastructure fear that it could increase the risk of unauthorized access to sensitive business data. This is in spite of the benefits including financial savings, improved flexibility and increased time-to-innovation reported by the 82% of German enterprises already in the cloud.
So what’s the answer for companies that want to ensure they can profit from the broadening of horizons that cloud offers, while still remaining compliant and ensuring their data is safe and secure?
Understanding Cloud Security and Compliance
This question is particularly pressing for businesses in heavily regulated sectors such as finance, telecoms and healthcare. Even more so for large organizations, which might see the big US cloud providers such as AWS and Microsoft Azure as their natural partners. Often this is due to their ability to handle enterprise workloads at scale, as well as the sophisticated native tools and applications they provide access to.
However, this in itself brings further challenges thanks to the range of security standards that can be involved, as well as regulatory issues such as GDPR, Safe Harbor and Privacy Shield.
As this issue has become more pressing, cloud providers have stepped in to create their own solutions, usually leveraging virtualization and containerization technologies to create “virtual private cloud” (VPC) environments that clients can think of as their own walled garden within a public cloud.
It’s also worth noting that the big providers generally provide a very high level of security across their basic services – after all, the likes of Microsoft and Amazon have the resources to invest in researching and developing state-of-the-art cybersecurity solutions, and the business incentive to ensure their customers use them with a high degree of trust. In short, cloud is becoming more sophisticated, secure and flexible – but often introducing more complexity as it does so.
When it comes to security, cloud providers including AWS adopt a “shared responsibility” approach. In short, this means that while the provider is responsible for ensuring the overall security of the cloud, the end user is responsible for what they do with their data while it is in the cloud. The provider, for example, is responsible for managing the integrity of the user account and access system, as well as for detecting and preventing threats such as distributed denial-of-service attacks.
This means that the end user – the business making the cloud migration – is responsible for access management, classifying data and assigning tags that let the provider know who can or can’t access it. AWS provides all the tools for managing data security, but data loss or access breaches that occur due to improper use of these tools remain the responsibility of the user. This can be another source of anxiety and hesitation if you’re not confident in your organization’s ability to manage and mitigate the risks.
Partnering – the key to cloud success?
Expert partners offer a solution to organizations that want to ensure they fully mitigate the risks of cloud migration. This will usually be a provider of managed services with expertise in deploying the cloud provider’s suite of applications and solutions, taking on some of the user’s risk under the shared responsibility principle.
With experience of managing cloud services on behalf of users, they can also act as an interface between the user and regulatory bodies, when it comes to answering questions about compliance and regulation. One provider of these partnership services is T-Systems, the IT services subsidiary of Deutsche Telekom.
As a premier AWS partner, T-Systems offers clients an AWS Landing Zone service, which acts as an online, real-time overview of their cloud infrastructure. It can be thought of as a combined operating system and user interface for your cloud platform, where applications responsible for ensuring security and compliance work together to ensure nothing is overlooked by the user. From the landing zone, identity and access management, account creation, event logging, governance and data security functions can be accessed quickly and simply. Servers, networks, operating systems and user behavior can be monitored from a “360-degree view”, ensuring the AWS user is always in control of their operations.
T-Systems and AWS have jointly designed an offering for ‘Data Protection as a Managed Service’, which is meant to help customers address sovereignty expectations and concerns associated with handling security and privacy in the cloud, whilst adopting a zero-trust approach towards the hyperscalers. In addition, T-Systems offers an "External Key Management for AWS" (EKM) solution, which separates key management from cloud service usage, allowing AWS customers to fulfill regulatory demands, achieve high security, and harness AWS cloud innovation capabilities, while providing end-to-end logging and monitoring of key access for full auditability. T-Systems also provides 24/7 operational support from EU-based operational teams.
With a lack of in-house skills frequently cited as another barrier to cloud migration, working alongside a partner such as T-Systems becomes an even more attractive proposition for businesses daunted by the security threats and compliance obligations.
Use Case 1 – The 1. FC Köln Football Club
The 1. FC Köln football club, one of the world's 20 largest sports clubs, leveraged AWS and T-Systems to modernize its website, fc.de. The site, a central hub for the club's 114,000 fans, not only offers updated information, such as video content, but also serves as a primary channel for ticket sales and fan merchandising. Given the vital role the site plays, it needs to be available 24/7, especially during high-traffic periods such as ticket sales and match days, when the load can increase tenfold. The club was seeking a dynamic, scalable solution that could manage these spikes in demand while also providing a robust user experience, a crucial factor in the club's digital footprint.
In the past, scalability and capacity management proved to be significant challenges, with their previous content management system (CMS) unable to scale. Their legacy environment lacked active improvements and adequate documentation, and the classic hosting solution could only handle peak traffic by permanently increasing infrastructure capacities, resulting in unnecessary costs. The 1. FC Köln web team sought a dynamic solution that could adapt to user requests while maintaining high performance at a lower cost. As a result, the club decided to transition to AWS, enlisting T-Systems as their consulting, migration, and managed services partner.
T-Systems, in collaboration with the web agency, modernized the entire website, replacing the initially planned "lift-and-shift" approach with a re-engineering and re-platforming strategy. This included modernizing the application layer as well as the platform and infrastructure levels, integrating new security mechanisms according to AWS best practices, and using redundant EC2 instances for the backend hosted in two European AWS availability zones, linked via load balancing and auto-scaling. T-Systems also implemented a Web Application Firewall and AWS GuardDuty to ensure consistent performance and protect the site against common web exploits and bots. On this cloud-native foundation, the web team was able to introduce DevOps practices, leading to significant improvements in the site's operation and management.
Use Case 2 – T-Systems and LucaNet
An example of a client that benefited from this partnering approach to cloud migration is the German software and services provider LucaNet, which specializes in creating solutions for financial services. Wanting to improve user experience for its customers by improving reliability and availability, it took the decision to migrate its LNCloud infrastructure, which previously needed to be deployed on clients’ premises, to AWS.
Switching to servicing its clients via AWS native solutions including AWS relational database, EC2 and S3 required extensive re-architecting, and there was also a requirement for every LucaNet customer’s infrastructure to be hosted within its own VPC. Under its partnership model of working, T-Systems takes responsibility for monitoring and managing each VPC environment and all workloads, as well as providing 24/7 helpdesk support.
As a result of its successful managed AWS migration, LucaNet has vastly accelerated the time it takes to bring its customers online in the LNCloud, allowing it to introduce its services to new markets and quickly scale its offerings in any region, as dictated by customer demand. Its customers now enjoy greatly improved availability of the platform, as well as the peace of mind that comes with knowing their data is safe within the highly secure AWS environment.
Towards Tomorrow’s Cloud
Looking to the future, it’s clear that the cloud is no flash-in-the-pan fad. It will provide the foundations for IT platforms and infrastructure of tomorrow, and act as an enabler for companies wanting to leverage emerging enterprise technologies like artificial intelligence, the internet of things and edge processing.
While there are always likely to be challenges, tackling them head-on today is the best way to ensure an organization is fit for the future of business.
Thankfully, it doesn’t have to be a solo journey, and choosing the right partner can be key to navigating it with confidence and certainty.