In the Cloud – Forgiveness or Permission?


We have all been there. Working late one night, we have finally found the fault that has been plaguing our IT infrastructure for days, weeks or even months. Do we fix it straight away and then ask for forgiveness for not following IT protocol (ITIL, Change Management, etc..) or do we seek permission and follow our protocols potentially leaving the fault unresolved for another week or more?

A good IT strategy will have the correct protocols in place to allow for situations like this on internal infrastructure, but the rapid uptake of cloud infrastructure (in both public and hybrid configurations) have introduced another angle to this question.

The forgiveness or permission question is now not just a matter of ‘break-fix’ where you see a fault and you remediate it. Now you need to think about the security of your organisation and the bigger picture issues you may unwittingly introduce. It is as easy as an email address and a credit card for an application team to have their Development environment in a public cloud, but will they ask for permission before setting it up or set it up and ask for forgiveness after the fact?

Let us fast-forward a few months to that same application team running their Development environment on a public cloud who did not ask for permission to create that environment, they decided to forge their own path.

With the assistance of Diaxion, the company has decided to adopt a hybrid cloud strategy and have begun an application analysis phase. Diaxion has discovered that the application team who moved their Development environment to the cloud has actually been using highly confidential customer data in the public cloud in contravene to what their Security Architecture position is, and more importantly, potentially in breach of a regulatory authority. The company is now also experiencing bill shock as the application teams Development environment has suffered the all too familiar server sprawl.

All of a sudden, the forgiveness or permission question has become a lot more straightforward. You must have permission from your Security Architecture team to adopt a public cloud because the repercussions have become a lot more serious. That forgiveness stance from the application team may have just put a severe dint in their company’s reputation and cost them a significant financial penalty.

Diaxion can assist you with a clear, forward thinking IT strategy that will define the governance and architecture of any usage of public cloud, whether it is a hybrid configuration or a straight cloud first approach. This clear strategy and subsequent architecture will define which workloads are suitable candidates to consume public cloud with respect to any regulating authorities, thus not taking on any extra risk to the business as a whole.