In the last blog with Deloitte’s Marc Beierschoder, we talked about what the hybrid cloud is, why it can benefit a business and what the key blockers often are in implementation. You can read it here.
Today we are continuing our discussion with Martin Mannion, EMEA Big Data Community lead at Deloitte and Paul Mackay, the EMEA Cloud Lead at Cloudera to look at why security and governance requirements must be tackled in the early stages of data-led use case development, thereby mitigating more work later on.
Thanks for joining us. Last week we established the requirement of organizations to not only address their technology needs and to assess their data foundation in doing so, but also the importance of up-skilling their workforce. When building your data foundation, how can you prioritize innovation within a hybrid cloud strategy?
Martin:
I see there are five stages to reaching the point of being able to prioritize innovation within a hybrid cloud strategy.
- You ideally need to start from the business goals you want to drive – what are the key challenges that could be addressed?
- Next you need to understand your data, cataloging enterprise data into business and compliance terms.
- Thirdly, assess your workload: select the most appropriate use cases relevant to sit in a hybrid model. The most relevant use cases are those that use or integrate data, including publicly available data, and you combine that with your internal data. Another example might be that you have burst workloads that require very high compute and storage capability only once a month. These are typically really appropriate for hybrid scenarios: you can just spin up a cluster of 100 nodes, and then get the result back in minutes instead of waiting hours or days or even weeks.
- Classifying data and systems in order to leverage consistent security and governance is the next stage, however you also have to solve some really challenging technical topics: from firewalls to organizational challenges in the data protection and security area.
- Finally a cross-discipline team is required to accelerate innovation. This team should fully understand the business goals and how their work will support the organization in achieving these goals. As mentioned in the first blog with my colleague Marc, these teams will need to be upskilled in the latest trends to deliver innovative solutions to the business.
Only if you have addressed each of the stages, can you be ready to deliver a hybrid cloud model for faster insight and value. Once these are in place, you can rapidly increase the speed of use case delivery that benefit from a hybrid model. The key is that you shouldn’t blindly believe that hybrid models will solve all your problems.
“Digitally maturing companies are not only innovating more, they’re innovating differently.”
Deloitte
Accelerating digital innovation inside and out
And so, with your use cases at the forefront of your mind, how can you start to deliver this data-driven innovation – especially considering the skills, security and other considerations previously highlighted?
Paul:
Something that’s emerged in the past 6-12 months, that’s widely been coined now from both analysts and businesses, is the idea of something called an enterprise data cloud. The principles of an enterprise data cloud are:
- You should be able to run your data and analytics in the place that you choose: public cloud, multiple public clouds, data centers or between both in a hybrid model.
- You need to have consistent security and governance that allows you to not only control who has access to data, but also have full insights into lineage, metadata and cataloging throughout your environment. Data should inherit security and governance policies set at an environment-wide level meaning that whether you are delivering data engineering capabilities or the most complex machine learning models, security is being done in a consistent and easy to manage way.
- It should be open, meaning platforms that are not only based on open-source software (with all the benefits that brings), but also allowing you to integrate your existing tool sets using open standards.
- It is a single platform that can help you throughout your data lifecycle journey, whether that’s just simply the collection of that data, all the way through to predictive stuff and ML at the end, and everything in between. You need a platform that can help you go through that whole process, not just deliver one aspect.
Technology is of course only one part of any solution, with the need to adapt people and process an equally critical part to being successful. Through training and using partners such as Deloitte to educate and transform your people and process, implemented alongside the technology, you can start to deliver value (back to the business or customers) in the shortest possible time frame.
You both mentioned consistent security and governance should be established for all your data before driving new hybrid cloud use cases and innovation. Security can be a question mark in the journey to hybrid, particularly for industries that have tougher regulations. How can you implement a cohesive security strategy when your data and workloads reside in different locations?
Martin:
We all know that different public clouds today have very different structures, so getting to a secure, single view of your data is difficult. For example, when you have access rights for a data set in one cloud with a link to a data set in another cloud, you need to ensure administrative services do not grant access to just anyone. These challenges can be very complex and need management layers (for both access and workload) to solve.
Obviously, there’s a deeper level to this beyond security and governance, but that’s key in this instance and is essential for consistency. You have two options here:
- Have a separate security strategy and model [3] in each of your systems. This means you are responsible for synchronizing the different strategies and models between systems, increasing operational effort, security risks and adding delay in accessing data and analytics for users.
- Have an integration layer in which you define your strategy once and it manages security deployment across the different systems. Using APIs, the integration layer is deploying the actual security rules in each specific system of your hybrid scenario on your behalf.
Both ways are possible, and you need to assess which is best for your business.
Paul:
Exactly – a hybrid cloud integration layer can provide that consistency and security. If you compare data centers and public clouds, they are two completely different environments, built on different architectures which have their own sets of tooling, policies and processes. So when you start to look at providing security and governance across both these environments it becomes very complicated and almost impossible to get them to work together! A big part of your strategy should be to consider how you go about dealing with security and governance holistically. By ignoring this piece now, you will definitely add more work for yourself later. Ultimately you don’t want to be worrying about security and governance at each iteration on your innovation roadmap – it should be seamless and transparent in the background, just happening in a consistent and reliable fashion.
I would reiterate that you’ve got to be really careful here, because this is such a huge part of your data and analytics strategy. If you get this wrong, you’ll create yourself a problem that will be very hard to get around. If I just put data into different locations and I don’t care about having consistent data access policies, or the ability to demonstrate regulatory compliance, all of a sudden I’m going to have to use different tools to deliver security and governance in those different elements. And if I’ve got to try and integrate those together, I’ll find myself in the never-ending piece of work that is removing me from doing things that are driving value to the business and keeping me stuck in the things that I have to do and need to do, but aren’t innovative. Those things should ultimately be there by default.
Martin:
With an integration layer embedded within a wider data management platform, you can manage, maintain and monitor all your cloud environments in one place. Cloudera and Deloitte work together to offer to support our clients on their hybrid cloud journey.
Thanks for reading this blog. In the next one, Deloitte and Cloudera will look into how you can implement your hybrid enterprise data cloud in the real-world, addressing the common blockers identified in blog 1. Come back soon to read more. In the meantime, feel free to reach out to our interview subject-matter experts if you have any questions:
Martin Mannion LinkedIn