This is the fourth in a multi-part series. Follow the series here.
In this installment, we’ll look at qualification. Since Barracuda is a cloud security provider, our discussions will naturally focus on security considerations. When we talk about qualification, we’re really talking about two things that can go hand-in-hand: a proof-of-concept, and a framework reference architecture.
The Shared Responsibility Model means that while your cloud provider will ensure rock-solid security for AWS, you’ll need something additional in front of your cloud-resident applications and workloads to secure them from attacks and be able to monitor and log activity.
Diagram of the AWS Shared Security Model. Click here for more information.
Whether you do this with native tools or third parties is dependent upon the features you need. For example, healthcare is concerned over data privacy (HIPAA is an obvious requirement but there can be equally stringent local requirements), while financial institutions absolutely need the ability to monitor and log access and activity.
You already set-up security on your local workloads, so you know what you’ll need to duplicate in the cloud. You may also want or need a single way to visualize data to and through the cloud. The obvious example here are hybrid configurations that many companies end up deploying: selecting a single security vendor who can provide end-to-end visibility may be a key part of your considerations.
So qualification is ensuring the chosen vendor (or vendors) can provide all the features you require. Typically this can be accomplished through a short proof-of-concept (sub-30 days) but most companies also take this opportunity with their vendor or service provider to identify a framework reference architecture against which they can migrate or move multiple workloads. Just like their on-premises counterparts, cloud-facing security solutions are a one-to-many proposition: a single firewall or pair of firewalls (for clustering and failover) can support a number of discrete workloads (formerly VMs).
So your qualification is really the final test-phase for the first workload or application you’re going to migrate – with the rest of your requirements following this first cloud deployment.
In our next installment, we’ll look at security in a bit more depth as it’s already played a critical part in your steps to cloud deployment.
If you would like more information on how Barracuda can help you migrate to the public cloud, visit us on the web here:
Rich is the Director of Public Cloud Product Marketing at Barracuda. He joined the team as part of the acquisition of C2C Systems in 2014. Rich is one of Barracuda’s public cloud experts – he works directly with the cloud ecosystems and has been quoted in eBooks from Microsoft on public cloud security. He is also a frequent contributor to Barracuda’s own cloud blogs. For our cloud motions, he helps develop strategies and execution with our partners and sales teams.
You can email Rich at firstname.lastname@example.org.