Making sure that the data centre has a proper security system is integral as it accommodates all your enterprise data and applications: Shiv Kumar Bhasin
Shiv Kumar Bhasin talks about the things one should not do while building a data centre, the future of cloud and on-prem facilities and the issue with cloud lock-in
What are the things that one should not do while building a data centre?
In my opinion, when it comes to data centre projects or delivery we do not detail out the design plan and specifications. Whenever a financial services institution delves into selecting or shortlisting the data centre, they need to carry out an analysis of whether this can be their IT home for at least a decade. I think selecting a data centre is something like marriage. In my experience, I have seen a lot of people opting for a data centre with short-term planning or just going there and hosting the racks.
Also, do not entirely rely on tier ratings while selecting a data centre as they do not promise the same resiliency. Rather conduct a thorough evaluation of the facility to decide how the building infrastructure and staff procedures meet one’s expectations.
Another important aspect that many people overlook is the security part. Making sure that the data centre has a proper security system is an integral part as it accommodates all your enterprise data and applications, a security breach could mean a huge catastrophe for the organisation.
Do you see a future where most businesses will rely mostly on cloud or on-premise? And how do you see the balance?
In my view, the immediate future looks more on the hybrid side and it doesn’t seem like everything will go on to the cloud. And one of the key contributors towards that are:
- Regulatory and compliance
- Data privacy and data security areas
- The legacy architecture of your critical business applications
Even though India has leapfrogged in the early 2000s, whereas the other BFSI organisations in the rest of the world were using mainframes, still when you look at the structure of the cloud-native application, it is still monolithic. So this is one of the key areas where people need to look at the modernisation of their applications.
Also, whenever one has to burst the load and you can’t order or procure the infrastructure in the shortest time, you can swing to the public cloud. This has been a popularly used case scenario across platforms.
Most people usually market cloud applications, however in reality very few people really use it, as most people get handicapped when their applications don’t support cloud native architecture and that is where a lot of new models have emerged, For instance, most of the OEMs are now coming up with on-prem cloud features. So in my view that is another area to experiment with, on-premise. Also, I would say that it is very easy to suggest to move to the cloud but still there is a challenge in terms of the data intensive applications which means that moving the data to the cloud, as well as if you are not happy with your cloud service provider, and then choosing to move to another vendor is also a painstaking process. And I would like to conclude by saying that cloud adoption has not grown the way as it was expected.
Cloud lock-in has been big problem, especially in industries like pharma where the adoption has been very slow because once you get into the cloud it is very difficult to get the data out. How do you work around this and get it resolved?
Work around also comes with your resiliency features. For instance, from a resilient point of view, either you use the cloud for initially to start the adoption for resiliency, so your DR part is on the cloud and while the main production is on-prem, so in that way you can test the waters and you have the copy of data on-prem. And, in case you are adopting a full fledged cloud adoption, sometimes the sheer inhibition to collaborate with outside providers to manage critical applications and IT security is something most organisations are not very comfortable with and for some others it’s just a complicated process.
While most cloud providers offer built-in cyber security measures as part of their offerings as well as round-the-clock monitoring and maintenance of your virtual servers to prevent intrusions or data loss, some data can be considered too sensitive to trust to the cloud. For some businesses, the fact of having to collaborate with an outside provider to manage IT security is something they’re simply not comfortable with. For others, it may be slightly more complicated.
On the other hand, an on-premise facility demands the organisation to procure a license or a copy of the software to use it. So from a security point of view, the license and the software only reside within the control of the organisation, so naturally, there is far more protection being offered than from cloud infrastructure.
*This article is transcribed on the basis of a conversation Express Computer had with him at a conference*