Cloud Data Expert: You Need to 'Get Smart' and Do the Work

Cloud computing platforms have all kinds of tools, gauges, monitors, triggers, reports, safeguards, configurations and so on to manage and protect enterprise data, but it amounts to naught if IT pros don't do the work and educate themselves first about the various options.

"That initial learning curve is the tough piece," said Tim Warner, a Microsoft MVP and technical trainer who was on hand to share his expert knowledge in an online summit presented by Virtualization & Cloud Review titled "Expert Cloud Data Best Practices." His learning goals for the hundreds of online attendees included examining the issues and proven practices surrounding data stored in a public cloud provider and generating a practical action plan to implement those suggestions.

Near the end, he left the audience with three main steps to take next:

  1. Identify and classify your current data landscape
  2. Get smart on how your cloud vendor:
    • Supports compliance certifications
    • Supports customer-managed keys
    • Supports deep visibility into authentication and access
    • Supports encryption at all phases
  3. Get smart on how to do the work:
    • Training on how to leverage the cloud provider's tools
    • No shame in hiring a cloud architect

It's the getting smart part that's the toughest, Warner said.

"Get smart on how your cloud vendor supports compliance certifications, how they support the ability for the customer to manage encryption keys, how much visibility do you get into the services -- that's the monitoring, alerting and telemetry. And I'll go further and say how much visibility does the cloud vendor give you with regard to their compliance attestations. Then there's getting smart on how to actually do the work, there's the big challenge. There's knowing what's available and then there's figuring out how best to implement it.

"So as I said earlier, a theme: training. I mean I am a tactical trainer so I guess you could say I'm biased, but I mean this is just a truth nowadays with IT moving as fast as it does, getting your team into the mindset or paradigm of always being learning and adapting. That's the thing. Although it can be really frustrating in the public cloud to log into the management portal and see things change literally on a daily basis, I found in my experience, once you get your so-called sea legs, that is to say once you've attained your learning curve and you're fairly up to speed, you'll find that rolling with those changes is less arduous. But that initial learning curve is the tough piece.

"So I do want to say in my professional opinion, no shame at all in, you know, hiring a cloud solutions architect or team cloud solution provider who have their own set of proven best practices and can help you and your design implementation and maintenance."

As far as identifying and classifying your current data landscape, Warner advised IT pros to "really get a fix on what you have data-wise on-premises and whether it's going to stay there or whether it's going to go to the cloud, and which cloud vendors you're going to bring to the table and what tools and services they offer."

Doing the initial work and taking responsibility for enterprise cloud computing initiatives also ties directly into the Shared Responsibility Model, which, as its name suggests, details exactly who is responsible for what under different approaches, such as Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS) and on-premises.

[Figure: Shared Responsibility Model (source: Microsoft).]

In the latter on-premises approach, for example, the customer is responsible for everything -- 10 different responsibilities ranging from accounts and identities to the physical network and datacenter. On the other end of the model, SaaS, the customer is responsible only for three of those 10 responsibilities (while sharing "identity and directory infrastructure").

"As you move toward the cloud, I find in my practice most of my clients want to start with infrastructure as a service, in other words running virtual machines in the cloud environment," Warner said. "There the vendor is providing the physical infrastructure and you're responsible for everything else including patching the virtual machines, backing them up, etc. Then we get more into Platform-as-a-Service and that's a lot of where the data stuff lies, I found, where you've got more and more responsibility offloaded to the vendor but there's still stuff that you need to do as a customer."

In addition to general guidance, Warner examined data migration, data classification, data encryption, data availability, disaster recovery, identity & access management, and monitoring.

The latter item was the subject of a tip shared in an earlier online cloud summit presentation by industry expert Howard M. Cohen, who emphasized to his audience: "Whatever you spend on monitoring is worth it."

"Every cloud service is a consumable, and you need to make sure that the only thing you're paying for is what you've consumed," Cohen said. "So, every penny you spend on monitoring is absolutely worthwhile because you're keeping your providers honest."

Warner also touted the benefits of monitoring.

[Figure: Log Analytics]

"Lastly, we've got monitoring, which is making sure that you can see what's going on, and even more importantly, being proactively alerted when your cloud data infrastructure goes out of bounds. You want a short feedback loop, it seems to me. All three of these cloud vendors [Azure, AWS, GCP] expose what are called REST APIs and any event that happens in your cloud is something that can trigger automated actions.

"So this speaks like I said of alerting performance tuning, telemetry, all troubleshooting would be another case, and even taking advantage of the cloud vendors' AI/ML backend. In Azure for instance there's Azure Security Center that uses artificial intelligence ML models to look at your usage and look at your access, and any anomalous behavior: boom you'll be notified immediately in Azure Security Center. And Azure also has a log ingestion platform called Log Analytics where you can centralize all of your telemetry across your hybrid cloud and then report on it in one spot."

There's much more to Warner's hour-long component of a larger "2021 Cloud Best Practices Summit" -- sponsored by Rubrik -- that you can view on demand upon providing registration information.


About the Author

David Ramel is an editor and writer for Converge360.

