Setting up a Secure and Resilient IT Infrastructure in the Cloud
Everybody who considered Europe’s energy infrastructure safe against attacks got an eye-opener when the Nord Stream 2 natural gas pipeline erupted on the Baltic seabed: it clearly is not as safe as previously thought. With winter looming, energy service providers have to ensure the security and resilience of critical infrastructure. This is not limited to physical buildings, but must also cover IT, especially in light of a rising number of cyberattacks. For older IT infrastructure that is difficult to modernize in particular, migration to the cloud has proven to be a solution that significantly improves security and resilience, not only in the long term but also in the short term.
The Challenge
The Ukraine war constitutes a historical turning point. Besides its massive socio-economic implications, it is the first war between nation-states fought as hard in the virtual realms of the internet as it is on the open battlefield. According to a Microsoft report, the number of Russian cyber operations against networks in Ukraine increased tenfold between December 2021 and March 2022. This trend has intensified with an increase of state-sponsored cyberattacks not only in Ukraine, but also in Europe and the US. In particular, IT around critical energy infrastructure, such as power plants, pipelines or storage facilities, has moved into the focus of cyberattacks. We are observing that companies in the energy sector are challenged by this dramatically changed threat landscape, often troubled by outdated hardware, unsafe software and neglect of basic IT security design principles. While many IT security modernization projects at the infrastructure level focus on the long term, the current threat landscape also requires short-term improvements.
In addition, a successful approach to IT security requires not only securing the underlying IT infrastructure and protecting critical services from cyberattacks, but also swiftly getting back in business after a successful attack: in short, IT resilience. In that respect, cloud-based architectures have the advantage, not only because they do not depend on a specific set of hardware at a predefined geographic location, but also because leading cloud providers offer a range of out-of-the-box security improvements that are fast and easy to implement.
The Approach
If a company operates its own IT infrastructure, the requirements to achieve and maintain IT security are high. The technical infrastructure must be in a modern state, regularly updated and operated by specialized experts. If these prerequisites are not met, migrating the relevant systems to the cloud is a solution that significantly improves security even in the short term and usually requires less effort than augmenting on-premise infrastructure and workforce. To ensure this can be achieved in a timely manner, we recommend the following approach:
1. Rehost applications following the lift-and-shift concept
Applications and virtual machines are rehosted from their current on-premise environments to the cloud, mostly by transferring as-is copies. With this method, most of the application landscape can be migrated in a short period of time. While this does not enable the use of all cloud features in the first step, it provides a greatly enhanced level of security without significantly interfering with business operations. In addition to the inherently increased safety of a cloud environment, cloud hyperscalers offer a wide range of security tools that can be used without significant implementation effort. This includes, for example, the use of disaster recovery or the creation of backups, significantly improving IT resilience.
2. Replatform selected “quick-win” applications
Once the business-critical applications have been rehosted to a safe cloud environment, it is advisable to adopt more cloud-native features. This is done by replatforming selected applications, for example by using managed cloud databases or scalable cloud orchestration services. Replatforming is done without affecting an application’s core architecture and therefore often requires only minor adjustments. The focus of this phase should be on the applications for which the highest ratio of added value to effort was identified beforehand. Replatforming reduces costs and maintenance effort on the one hand and increases scalability and resilience on the other.
3. Transform to a cloud-native organization
While the previous steps focused on realizing value in the short term, the third step aims to maximize the organization’s innovativeness and minimize its operational cost in the long term. This is achieved in two ways. Firstly, more applications are moved to their target environments by repurchasing or refactoring them, including applications that were initially neglected due to higher transformation efforts. Secondly, the company has to be transformed into a cloud-native organization by rethinking significant aspects of its operating model. This includes the move to service-oriented IT infrastructure provision with clear and transparent infrastructure service costs and SLA-based delivery. The central IT becomes a Cloud Center of Excellence with responsibilities around platform management, governance, and automation.
The Impact
In a short time, the most relevant applications of the client have been migrated to a cloud environment. The security effect is significant, as the applications are now operated on a state-of-the-art infrastructure in the cloud, which has restored trust in IT operations. In addition, the project significantly broadened the knowledge base of the client’s employees. As operating on-premise data centers is not within the core business area of the client, it also contributed towards concentrating efforts on business challenges currently affecting the energy sector.
Looking Into the Future
Given the time pressure, the migration to the cloud achieved all its goals in the shortest timeframe possible. The cloud infrastructure is a vast improvement regarding security and resilience, facilitating business continuity and disaster recovery. The cloud infrastructure also provides improved operational and strategic flexibility, as it removes constraints imposed by on-premise commitments and predefined geographic locations. Additionally, the easy scalability and the adaptability to embrace future technologies like big data or artificial intelligence build the foundation for future business growth. Driven by security concerns, this cloud migration has laid the foundation for a cloud-first strategy in the client’s IT.