Why public cloud hyperscalers are instrumental to resilient enterprise operations

As enterprises increasingly adopt cloud-based infrastructure, they need to ensure that they are resilient and robust enough to meet current and future demands. This resilience is required in areas such as network robustness, the ability to handle varying levels of demand, meet an ever-increasing expectation of user experience, cope with outage quickly and seamlessly, not to mention defending organisations from the increasing complexity of cyberattacks.

To meet these wide-ranging demands and provide a high level of resilience, many enterprises are looking towards using public cloud hyperscalers.

About the Author

Senior Account Manager, Jeffrey Magara helps Global Enterprise & SME clients to deliver consolidating, cost saving IT solutions and projects.

Public Cloud Hyperscalers

Having any level of cloud-based infrastructure for your enterprise will more than likely mean that you will already be working with a hyperscaler.

Essentially, hyperscalers provide cloud, networking, and internet services at scale, by offering enterprises access to infrastructure, via an IaaS model. A list of hyperscalers in the market today will include companies such as Amazon, Google, Microsoft etc. They dominate cloud services and are continuing to grow, as the demand for their services increases exponentially.

These powerful hyperscalers offer services through huge data centres that accommodate fluctuating and high demand. Indeed, their infrastructure is built on thousands of physical servers and millions of virtual machines. The end result, and advantage to their customers, is data centre resources that are easily accessible, cost effective, reliable, and scalable.

What’s more, today’s hyperscalers provide a level of performance way above traditional inhouse data centres. They also have a very clear view on the future, investing huge amounts of money, offering a level of reassurance to their customers beyond the dreams of an enterprises IT department. Microsoft alone have recently announced their investment of nearly $20bn, to build the infrastructure necessary to support its Azure cloud service. This should not only reassure Azure customers, but those of competing hyperscalers, as they are sure to be working on their own future proof projects.

With minimal level of commitment, many of today’s largest enterprises are already customers of all of the hyperscalers, allowing them to pick and choose services that best fit their business and, at the same time, avoid vendor lock-in.

Innovative Hyperscalers

Hyperscaler companies are working hard to offer their customers more reasons why cloud is the route to take. Some of the latest services offered demonstrate this and allow enterprises the opportunity to become agile and resilient without huge investment. Innovations of late include:

  • Serverless Computing
    Allowing users to write and deploy code without worrying about the required infrastructure. Key benefits include: pay for only what you need, extend and scale to full-stack apps, automatic and instant scaling with usage increase.
  • Artificial Intelligence as a service (AIaas)
    Ready-made AI services in the cloud on a pay as you go basis.
  • Containers (CaaS)
    Allows faster app deployment, optimising resource utilisation, again available on a pay as you go basis.
  • Distributed Cloud
    Expands the traditional datacentre-based cloud model to a system of cloud infrastructure components that are geographically distributed, benefiting performance, redundancy and regulations.
  • Edge Computing
    Brings computer closer to the end user, minimising long distance communication between client and server, reducing latency.
  • Cloud Portability
    Cloud portability tools that help you adopt multi-cloud strategies. Benefits include: no single vendor lock-in, easily switching clouds and inter-Cloud redundancy.

Coping with Legacy Infrastructure

One of the many challenges faced by hyperscalers and their customers, in particular, is how to integrate enterprise’ existing legacy systems with the cloud. This indeed will be a key challenge, as it will open up many enterprises who are either resisting the move to cloud, and or struggling with how they utilise their existing legacy system and indeed its applications. Aware that this is a barrier for many would-be customers, hyperscalers are investing in viable solutions.

Strategic Multi-Cloud Agility

As mentioned earlier, many larger enterprises have adopted a multi-cloud strategy in order to build up their IT resilience and continuous protection. This multi-cloud strategic approach benefits both resilience planning and overall service offering, making it highly beneficial.

Having the ability to store your data in different physical locations and different providers should ensure that you always have access to it, no matter what the circumstance is. This does of course rely on all providers to integrate with one another, allowing you to move data in the event of a problem, but having the flexibility to add and scale services in real-time.

Risk Management

Cloud deployments offer a myriad of benefits, and indeed mitigate many of the traditional data centre risks, however, cloud use does come with its own set of challenges. Further complexity and volatility is added. By their nature the public cloud involves large transactional volumes, open architecture and multiple vendors, all of which contain risk.  Also, as mentioned earlier, there is the challenge of how to synchronise with an enterprise’s legacy systems.

To combat these challenges and ensure business resilience, enterprises need to create a comprehensive strategy to cover everything including, provisioning and day to day management of potential multi-cloud environments. Having a clear view of what the enterprise’s critical applications are, will help make sure resources are focussed on protecting them.

Selecting the Right Hyperscaler

When looking to choose the right hyperscaler for your enterprise, due to the very nature of what they offer and how they integrate into the very core of your enterprise, you should be looking for a partner rather than a supplier. Afterall, this should be a vital strategic move for the enterprise.
Some key areas to think about when selecting your hyperscale partner are:

  • Consider your existing architecture, technologies and operating systems when selecting a provider.
  • What are the specific needs of our enterprise in terms of cloud infrastructure? There will be some cloud hyperscalers who better suit particular industries
  • Consider using more than one cloud hyperscaler. As mentioned earlier, many enterprises have strategically spread their risk by using more than one.
  • Do you utilise the provider’s platform services or build and maintain your own?
  • Opportunities to co innovate; Hyperscalers are sometimes willing to partner with customers to build new services, in niche fields.

What is very clear, for enterprises to make the most from cloud computing, they need to understand what it is they wish to achieve, identify their critical applications and have the backing of the board.  Many organisations have suffered from an experimental mindset, stalling the project, as no clear direction has been set. Others struggle to make a clear business case.  With the advent of the COVID-19 crisis, it has been a wakeup call for many enterprises, of the importance of systems resilience, agility and scalability.

To gain the advantages of the cloud, there needs to be a high level of commitment to migrate and scale the majority of the enterprise’ workloads, this is where the true business value is.

If your enterprise is looking to take greater advantage of cloud-based infrastructure, or indeed make the first moves towards the cloud, having a partner who can help guide you through will be invaluable to making the right decisions. Pendulum offers design services for Google Cloud Platform, AWS and Microsoft Azure, along with support and expertise, to help you get the most out of your organisation’s cloud infrastructure.

About Us

Pendulum IT p logo

Pendulum is a leading IT company providing services, hardware and software across the UK and internationally. For further information on remote working, public cloud hyperscalers, cybersecurity, modernising the data centre, HCI or any other area please contact your account manager or email info@pendulum-it.com 

How to ensure cybersecurity is still a board level concern

How to ensure cybersecurity is a board level concern

In 2021, cybersecurity has to be a visual, prioritised part of every business strategy.
Cybercrime has become industrialised on a scale not seen before and shows no sign of flattening out. Current enterprise spend is around $54bn* globally in 2021 (*source Statista March 2021). In a 2020 report McAfee estimated global cybercrime losses to exceed $1 trillion. Discreet malware cases alone in the last 10 years have increased from $99.71m in 2012 to $1214.76m* in 2021 (up until 6th May) (*source AV-Test 2021).

About the Author

Senior Account Manager, Jeffrey Magara helps Global Enterprise & SME clients to deliver consolidating, cost saving IT solutions and projects.

Most common cybersecurity threats

The sophistication of the cyber threats and their intensity are escalating, amid the swelling levels of remote working and dependence on digital devices. The most damaging forms of cybercrime to enterprises include:

Social engineering
Including phishing emails, scareware and quid pro quo.

The third most popular type of malware used, Ransomware is employed in 22% of instances. In 2020 hackers demanded $1.14 million from The University of California after accessing COVID-19 research and stole 10tb of data from Canon.

DDoS attacks
DDoS (Distributed Denial of Service) can have a devastating effect on businesses with a high reliance on on-line traffic digital services. DDoS attacks have become an increasingly popular threat. Alarmingly there is an increase in DDoS for hire services, which are relatively cheap to engage.

Third party software
It only takes one compromised enterprise applications within the ecosystem to open the gateway for hackers to other domains.

Cloud computing vulnerabilities
Criminals scan cloud services searching for those that have no password, exploiting unpatched systems and performing severe attacks to access the user accounts. These breaches can result in ransomware, theft of data or coordinated DDoS attacks.

Threats are increasing

The unprecedented number of recent infiltrations demonstrates that cybersecurity risk is as significant as other critical strategic, operational, financial and compliance risks under a board’s scope.
Just as boards are charged with overseeing a company’s financial systems and controls, they have a duty to oversee a company’s management of cybersecurity. This includes oversight of appropriate risk mitigation strategies, systems, processes and controls.

Without effective oversight and accountability, an organisation’s cybersecurity governance systems, policies and procedures are rendered meaningless, leaving the enterprise vulnerable to attack.

How do you quantify cybersecurity risk?

The more an enterprise is dependent on digital devices and services, such as remote working and the cloud in general, the greater the associated risk is, as most threats appear from outside of the organisation than from within.
To quantify where your risks lie and what you stand to lose, auditing your current security capabilities is a good place to start. List your current security capabilities, the programs you have in place and what they are expected to do. By considering the most common forms of cyber threat (mentioned earlier) – how does your current programme address each high-risk scenario you may face?

Understanding your vulnerabilities

Having a very good understanding of your susceptible assets will help you create a vulnerability management plan. The plan most likely will include scans of all appropriate assets. This process should help you understand what specific action you may need to take and might include managing patches and updates. The vulnerability management plan can also feed into your business continuity and DR plans to strengthen your resilience. A thorough audit will pay dividends and is likely to uncover areas of ‘dark data’ within the enterprise, as well as quantifying cybersecurity risk.

How much should you spend on cybersecurity?

Your board will inevitably want to know how much budget to allocate to cybersecurity defences. Some believe 10% of IT budget should be spent on security measures, but this is misleading and an underspend could put your enterprise at risk. Another metric employed by some organisations is a percentage of revenue. This might add more gravity to the potential risk. We recommend spending in-line with the level of exposure and associated risk to cybercrime your enterprise has. Also, to look at it purely on IT budget spend, would severely miss the point. The approach to cyber security should be enterprise-wide rather than fitting into one specific domain.

Are regulatory compliance and cybersecurity the same thing?

In short, no they are not the same thing, but both have the same objective ‘managing risk’. Both are responsible for designing, establishing and enforcing controls to protect organisations, but they come from different camps.

Cybersecurity is responsible for securing the enterprise’s information assets from damage and theft and is in its nature very technical. Compliance focuses on ensuring policies, regulations and laws are adhered to and enforced. Its role is based in auditing, interviewing, reporting and communicating.
Confusingly, these two terms are often spoken of in the same breath and can become conflated. Both are however, managing risk to the enterprise. It is important that your board of directors understand the differences.

What are the new approaches to cybersecurity?

It is key to keep the board updated on the latest technologies so they might evaluate the options in an educated way. A threefold demand in cloud services has in part changed the cybersecurity landscape, with new approaches that include:

  • Zero Trust architectures
  • Real-time threat intelligence
  • Security Orchestration, Automation and Response (SOAR)
  • Advanced endpoint protections
  • Identity and Access Management (IAM)

In addition, enterprises are rapidly moving their operations to the cloud, replacing static and inherently insecure legacy systems, for dynamic, agile, integrated cloud and network systems, that are by nature inherently secure, due to their design.

At present some of these new approaches, may be out of reach for SME’s; however, as adoption gathers pace for larger organisations, the cost will fall, making them more accessible.

Cyber defences should match your organisations

Something worth highlighting to the board, is that whatever decisions/approaches your enterprise takes, in terms of cybersecurity, they will need to be tailored specifically to your organisation; ‘one size’ does not fit all.  To make it more specific to the enterprise, a ‘risk based’ approach is coming to the fore. By adopting a ‘risk based’ approach, your enterprise is committing to a systematic method, that identifies, evaluates and prioritises the threats you’re facing.  This approach allows your enterprise to tailor cybersecurity to your organisational needs and operational vulnerabilities.

Building a business case for cybersecurity spend

Show Business Value. Unless your enterprise has already suffered at the hands of cyber criminals, you will need to actively demonstrate the value of investment in cybersecurity to the board. We believe it should be a key board meeting agenda item on an on-going basis. The justification for spend should not only demonstrate losses avoided, evidenced (hopefully) by examples of high profile attacks elsewhere, but also commercial benefits. These include improved customer experience, reduced insurance premiums, lower loss covering capital retained, increased IT productivity and enablement of new digital services, to name a few.

Educate the board. By demonstrating the potential risks to each part of the enterprise, with ineffective or lacking cybersecurity measures, and balancing it with the associated benefits of a cohesive and progressive cyber strategy, will make sure that the board is fully engaged.  This allows the board to understand the risk and allows them to effectively communicate to all employees, how the exposure to potential threats is being managed.

Gain commitment

To gain the commitment of the board to embrace and manage cybersecurity risk, it is more than just getting the right presentation materials and the right metrics. It’s about being a part of an overarching risk management strategy, where cybersecurity can be contextualised, and into which your risk quantification can resonate and give the board some ability to better establish risk tolerances. 

If, after reading this blog, you feel that it might be the right time to look further into your organisations cybersecurity, having a partner who can help guide you through will be invaluable to making the right decisions. Pendulum offers support and cybersecurity expertise to help you get the most out of protecting your organisation from cybercrime.

About Us

Pendulum IT p logo

Pendulum is a leading IT company providing services, hardware and software across the UK and internationally. For further information on remote working, public cloud hyperscalers, cybersecurity, modernising the data centre, HCI or any other area please contact your account manager or email info@pendulum-it.com