Wednesday, April 8, 2020

Cloud Strategies and Authentication Methodologies

Like any forward-thinking IT department, we have been vigilant in trying to find more and more efficient methods of connecting our users with their data/resources. "Do more with fewer resources" is the mantra that no IT person ever wants to hear, but it is chanted by every executive, either breathlessly behind closed doors, or touted as the norm. While I have never been a stranger to this, working in start-ups for the past 25 years, it has become more about how efficiently I can run a department by offloading repetitive tasks to automation while maintaining the integrity and security of a system.

Clouds are Brewing

A lot of companies 'doing more with less' have adopted cloud strategies where only on-premise systems used to live. At first - 10 years ago - I was against moving things to someone else to host/serve. Why would I want to give up control of a system or service - the hardware, the software, the management and configuration, not to mention the customization?

My first foray into cloud services was Online Exchange - this pre-dates Office 365 by about 3 years. At first, the thought of allowing my sysadmin skills in managing a mail system to go stagnant was horrifying. But then the ease of managing a system as complex as Exchange, yet offloading all the technical bluster to a 3rd party, was exactly what I needed at this new job I was starting.

Gone were the worries about disaster recovery or day-to-day maintenance that Exchange systems love to produce. If there was a problem, I engaged that 3rd party to find the solution - they became my 1st level of technical support for issues. I could learn to like this. It was providing me more freedom to grow into other areas and focus on the company and not the tools.

Fast forward 10 years and now a lot of companies are adopting a cloud strategy or culture (cloud culture). It allows the offloading of otherwise critical systems that would require multiple administrators to manage/run. My Exchange system today consumes over 3.3 TB with 375 active e-mail accounts. It services a global community of sales, services and support folks and remains very accessible and has an up-time around 99.99%. To run that same system on premise would take a lot of hardware, a dedicated storage area network, with replication to a hot site some place, not to mention a full-time admin if not two.

How Many Passwords?

Now we come to the crux of the article - and that is the disparate nature of cloud systems/services. This new urban-sprawled compute environment has one glaring issue. Each system usually has its own set of logins - ways to authenticate and/or password systems specific to that resource. That is, until companies like OneLogin or Okta came around to help extend a single authentication schema that could be used across multiple different platforms, including Atlassian, O365, Salesforce and online ERP systems like NetSuite or Dynamics 365. Again - looking at doing more for our company but with less manpower to do it with. Instead of several different logins and onboarding processes I have to remember, I can now rely upon a single provider to assist with authentication and provisioning of these different systems.

Virtana uses Okta. They are a very robust provider of authentication services, ranging from the actual SAML authentication process to multi-factor authentication and automated provisioning/deprovisioning services that ensure the mitigation of user errors.

Fast forward to today and we have deployed this single solution (Okta) in over 20 different services my team provides for our company. Couple this with the employment of multi-factor authentication with rotating keys or SMS verification and we have a fairly robust and stable authentication mechanism.

Now when we are tasked with bringing online a new system (SurveyMonkey or Monday), we first look for the SAML integration points and how we can continue to leverage our single sign-on system.

Monitor My Cloud!

Recently, Virtana acquired a company called Metricly. This company has a wonderful framework for monitoring cloud systems - like AWS instances. This became the third pillar in our triad of performance monitoring solutions, called CloudWisdom. Now - this isn't an infomercial or advertisement. It is a product that truly delivers what it says - an analysis of your infrastructure and an uncovering of the abstract nature of what cloud service providers currently offer. The best part of this platform is the Cost Optimization model (from an OPEX point of view). It is one thing to say AWS cost us $50,000 this month - but it is another thing to see that breakdown and understand that by shifting and moving resources around, we could save the company some dollars! That is extra money that we could use to innovate more or invest in infrastructure or people! I might be biased - then again, I also just might be experienced! Check out CloudWisdom here: https://www.virtana.com/products/cloudwisdom/