Agile, scalable and flexible data centres are the new normal. To achieve this new, heightened level of normal, an increasing number of companies are moving to the cloud, and with this comes considerations around risk management and security.
Bayport Financial Services, one of the largest non-bank providers of unsecured credit and allied products in South Africa, has its sights set on the cloud and is working with AVeS Cyber Security to bring its vision to fruition.
"It's a three-phase project based on our tried and tested IT-Business Enablement Roadmap. The priority is to build resilience into Bayport's data centres," says Charl Ueckermann, CEO at AVeS Cyber Security.
Bayport Financial Services has a considerable IT infrastructure to support its users in its nationwide branch network, as well as achieving the extension of its products and services into some of the most remote areas of the country. Running in tandem to Bayport's implementation of cloud data centres is the relocation of its existing, local data centre to a hosted one. Two cloud-based data centres will be replicas of the local data centres to provide optimised resilience.
There are several services that Bayport wants to put into the cloud, based on traditional infrastructure. Among these are e-mail collaboration, identity and access management, Microsoft Office 365 and file sharing, consolidated to Microsoft Azure.
"Various third-party file sharing services, such as Google Drive and Microsoft OneDrive, are currently at play," says Ueckermann. "The goal is to consolidate these into a single management layer. We are also looking at the possibility of expanding the network into Docker, which performs operating-system level virtualisation or containerisation. With Docker, software packages can be run as containers that are isolated from each other, but can communicate with one another within defined channels. This ring-fencing approach would provide for an environment that enhances both the security and performance of the cloud data centre."
AVeS Cyber Security has completed the initial phase by designing a foundation that will allow the business to make its move to the cloud while utilising Microsoft Azure. Crucial to this initial stage has been the identification of security risks associated with the cloud and how to manage them.
Ueckermann points out that cloud-based data centres require a similar approach to security as on-premises data centres. "It's just that companies often neglect security of their cloud-based data centres because they lack the know-how. We are working closely with Bayport to implement stronger security practices for cloud adoption.
"We have applied local data centre principles to Bayport's cloud data centre to cover how the machines will be protected from a low-level point of view, including backups, how the cloud data centres will be isolated from the networking layer, perimeter protection, and access control."
AVeS Cyber Security has implemented a site-to-site VPN to Azure and configured the hybrid synchronisation between the on-premises Active Directory and the Azure Active Directory.
"We are now in the process of updating the already procured application stack for easier cloud integration and looking at ways to control costs by taking advantage of Bayport's licensing renewal with Microsoft," explains Ueckermann.
"Cloud-based delivery is based on a per user count and allows us to dynamically reduce or increase the number of active users. One licence provides multiple functions to each user, so it is easier to understand true user costs."
As an example, he says one Microsoft Office 365 and one Enterprise Mobility Suite licence will offer e-mail services, Skype for Business, SharePoint, OneDrive, Microsoft Office (on five devices), self-service password resets, endpoint device management (including phones and tablets) and advanced security for documents management.
The next stage will involve offloading the intensive resource applications to the cloud to release data centre resources. This will also remove the requirement for local disaster recovery centres and help to reduce the administration required for maintenance and upkeep. The more services that are offloaded to cloud, the better the protection of those services will be. Local and cheap Internet also becomes an option of connectivity for office applications, as remote users are now able to securely access their office platforms from anywhere.
Ueckermann concludes: "This project is a particularly exciting one, given its sheer scope and the enthusiasm of Bayport's team to embrace the cloud as an enabler for their business."
Share