Migrating to the Hybrid Cloud Brings New Sets of Challenges to CIOs, Singer Tells NJTC

Photo: Jill Singer spoke about the hybrid cloud at the NJTC CIO event in late February. Photo Credit: Esther Surden
Jill Singer spoke about the hybrid cloud at the NJTC CIO event in late February. | Esther Surden

At the New Jersey Technology Council (NJTC) CIO conference February 27, 2014, keynote speaker Jill Singer discussed the hybrid cloud and how CIOs should handle migration to this part public, part private entity. The conference took place at Synchronoss headquarters in Bridgewater.

Singer recently completed 27 years of federal service, including holding the post of CIO of the National Reconnaissance Office and deputy CIO of the Central Intelligence Agency.

“I believe that over the next few years the hybrid cloud will be the cloud environment we hear about constantly,” Singer said. “It brings a new set of challenges. You have to plan for three- to five-year chunks of success. We are on the second generation of cloud, and we expect a new generation of cloud to emerge over the next several years.”

Most private-sector companies are still evaluating the hybrid cloud, and many don’t know how to properly migrate to it, Singer indicated. The government, she said, uses the concept that involves a public cloud, a private cloud and synchronization between the two.

She added that companies with intellectual property or a “secret sauce” of some kind who are only in the public cloud now “have already decided to take the risk of putting their secret sauce in someone else’s hands. Once you move to a hybrid environment, you can yank that information out of the public cloud and protect your company’s IP.”

The private cloud contains sensitive data, applications and information that are business operation-specific and processes that are heavy on applications. If you follow this guideline, you’ll have a better user experience, Singer told the group.

You can put items that are customer-facing, such as applications that can work well in a mobile app, on the public side. These apps still need to be encrypted, she said.

“You really want to make sure you have both environments. Putting public and private together is the next generation of where we are going,” noted Singer.

At the U.S. Departmentof State, for example, the public cloud handles citizen-facing passport and visa applications and lets people register themselves with that department if they will be in a potentially unsafe area. As soon as that information is touched by a State Department employee validating the passport or processing the visa, the information is in the private cloud. “You want to do all that on the private side, away from the public eye,” said Singer.

She reminded the group that if they didn’t have strong identification authorization before the Target and the University of Maryland security breaches, they should certainly have it now. Multiple layers of authentication and authorization are required as you move into a hybrid cloud, especially on the private side. “When someone from the State Department begins to work on a passport application, I’d expect them to present more credentials,” said Singer. Officials should present not just a user ID and a password but perhaps also a card that can be swiped, a badge with an embedded ID or an RSA token, she said.

“Also, remember that the network path the person used to get to you is important to know,” said Singer. You need to know if it’s a trusted path or if your worker is linking in from Starbucks, she said. “What you are going to allow them to see will be based on the networks they are coming at you from.”

A challenge of the hybrid cloud is synchronizing data between the private and public side. Advised Singer, “You need to make this as simple as you possibly can. You want to know there is one source of truth and know where that truth is.” CIOs can be asked in court about the data or questioned by superiors, and “you don’t want to have doubts that the data wasn’t synchronized.”

“I recommend bold separation between your public and your private cloud when you are in a hybrid cloud environment. Do not let your public cloud leak into your private environment. Make sure the private environment is well guarded,” she said.

“If you are still using fire walls, you need to up your game and have more layers  of security around your private environment,” Singer added.

To prevent leaks like the Edward Snowden one, said Singer, “we recommend nested system administrators, so that no one holds the keys to the kingdom.” That can be implemented via a two-person rule — whereby it takes two people to get into the system — or a nested system, with different layers of access granted to different system administrators, one of whom has been screened more thoroughly. System administrators, said Singer, don’t need access to data.

Moving to the hybrid cloud gives CIOs a chance to sit back and think about what applications belong where, Singer noted. “You can do that inventory because, if you can avoid putting an application in more than one place, that’s what you should do. Not only does it save money but it makes synchronization of applications, upgrades and baselines a lot simpler,” she said.

With regard to provider contracts, Singer said CIOs have to ensure that they don’t give ownership of and responsibility for the data to the provider. They must make sure they can move between clouds at will. “There are horror stories of people trying to leave one cloud provider to go to another one, but the original cloud provider won’t release the data … . ” You don’t want to be the individual who got into that kind of contract, she said.

Sharing is caring!

2137 More posts in News category
Recommended for you
Iain Kerr conducts a 3D printing and innovation workshop for teachers.
Educators Learn How to Teach Innovation via Montclair State 3D Printing Workshop

In August, NJTechWeekly.com visited Jason Frasca and Iain Kerr, professors at Montclair State University (MSU),...