CloudEXPO 2019

Designing a Highly Secured, Hybrid, Multi-Cloud Infrastructure for an Enterprise -- a Case Study

For many large enterprises and government agencies, establishing a cloud infrastructure consisting of multiple cloud service providers (CSPs) is a necessity to provide alternative services, avoid vendor lock-in, benefit from competing prices, and mitigate potential risks. These large enterprise and government agencies also require hybrid cloud infrastructure to meet controls when their data centers connect to the public clouds for identity federation, security monitoring, cloud management, and on-prem to cloud system communication. Implementing comprehensive security controls for moderate to high security categorization, therefore, obtaining Authorization to Operate (ATO) for moderate to high security impact systems, is another necessity for the enterprises and agencies to deploy their mission critical systems to the cloud.How do you put all these requirements together, and design a highly secured, hybrid and multi-cloud infrastructure for an enterprise with satisfactory security, usability, stability, manageability and performance quality attributes? In this presentation, we will work through a case study to build an enterprise-level multi-cloud infrastructure in AWS and Azure. Specifically, we will present:

•Multi-cloud adoption strategy
•Enterprise cloud account management
•High level hybrid multi-cloud architecture
•Multi VPC (AWS) or vNet (Azure) network design
•On-premises to Cloud network design
•High availability, backup and recovery
•Security-in-depth architecture

Identity federation, multi-factor authentication to cloud portal and VM console
Centralized perimeter and zone security design
Centralized logging, auditing design
Centralized SIEM design
Anti-virus, intrusion detection, vulnerability management

•Cloud operation: patching and upgrading strategy
•Single-pane-of-glass multi-cloud management
•End-to-end infrastructure as code to automate the entire cloud and on-premises service provisioning

At the end, we will also present a technology decision tree used to facilitate the process for selecting appropriate on-premises and cloud technologies based on security, viability, total cost of ownership (TCO), and efficiency. We will also discuss and demonstrate a cloud center of excellence (CoE) framework and initiative to improve the maturity of cloud adoption processes.