Why GE is moving nearly 9,000 apps to the public cloud
We support approximately 9,000 applications at GE, and our enterprise IT efforts right now are focused on moving the vast bulk of them into public cloud. This may sound like a counterintuitive strategy, but here is why it’s a great fit for GE.
In our environment, like many others, we ran the bulk of our applications on-premises in private cloud and highly virtualized environments. Yet we were still dealing with the challenges of demand spikes without sufficient capacity. We wanted to burst out to external cloud to solve these problems by leveraging a hybrid cloud. However, if we were able to burst out to the external cloud to support our applications, then why were we running the applications internally at all? This insight gave us a new perspective on the importance of public cloud in any strategy.
Walk (to the cloud) before you run
Clearly, you can’t move 9,000 apps to the cloud at one time, nor would you want to. Our approach at GE is threefold, and one you might want to consider:
1. Evaluate the right cloud providers. Not just any garden-variety cloud provider will do, so we have conducted close evaluations of different providers’ security capabilities, governance control points, global scale, and their ability to serve high-volume requests.
2. Organize the app environment. We conducted an assessment based on internal controls of our applications and categorized their risk profile into low, medium, and high. We then designated which cloud provider landing zones were appropriate for each of these risk profiles and the required associated controls.
3. Move apps to cloud based on how they profile. Right now we have ~350 low-risk applications running in the public cloud with a target goal of 1,000 by the end of 2015. We also are working on additional controls, which will allow us to place medium-risk applications into public providers. Our high-risk applications are placed into public cloud providers as well, but we assessed and implemented controls with these providers to create an environment conducive to those applications. We label these landing zones as Hybrid in GE, but not under the traditional cloud definition of bursting private cloud into public. We define Hybrid as secure, single-tenancy within a public cloud provider.
As part of our security controls and internal services consumption, we have the concept of interconnection-oriented architecture, which is an extension of GE’s network capabilities. This interconnection-oriented architecture means we contract with colocation facilities where we can place our inspection tools and GE services into dense meeting areas of the multi-cloud environment. These are places where you find many cloud providers under one roof, and we can place our services, inspection and data sets within them to obtain cloud-agnostic, high-speed adjacency. These “colo hubs,” as we call them, give us the ability to manage our security and governance, maintain performant relationships between cloud providers, and keep the same level of control we have today hosting applications internally.
The optimism of cloud co-creation
Our day-to-day stance with public cloud providers is an optimistic one. No single provider has all the answers yet, but the ones we have engaged with have been open and willing to work with us. Some of the gaps are due to the maturity of the cloud provider and to understanding how we’re approaching multi-tenant cloud, but GE’s own cloud maturity is also improving as we get better at leveraging the capabilities of these cloud providers.
Another factor in making our journey to public cloud successful is our self-service (or what I call opt-in) approach, which allows business units to choose the services they wish to consume. People will naturally gravitate to high-value, frictionless services. We work to provide those capabilities, but if there is a better alternative, then it’s the customer’s choice. We do require adherence to security services, but all others need to stand on their own merit.
To enable this self-service, opt-in environment, when we work with a cloud provider we want to limit the number of services that we must control and govern and open up the remainder to the customer. This environment provides the secure guardrails to protect the corporation while allowing our customers to meet the speed that their business demands. For example, internal customers have full control of most of the features within a cloud environment, with my team restricting a small subset for governance, security and risk management reasons. As long as the provider can give us that granularity of separation, it’s a win-win.
At the end of the day, moving to a public cloud environment makes sense at GE for several reasons:
1. You can do it at global scale. We operate in 175 countries, and relying on a private cloud infrastructure is still a significant challenge in some regions. Public cloud helps us to deliver fast capability around the world.
2. You can leverage variable pricing. Working with a public cloud provider, we can adjust and adapt our pricing based on time of day, scaling resources up and down, and only paying for what we use. At the very least, public cloud has been cost-neutral for us, without counting all the additional benefits of innovation cycle time reduction, and when an application is optimized for the cloud it’s cost-favorable.
3. You make acquisitions and divestitures easier. With a public cloud model, you can execute these transactions more quickly and cleanly by separating infrastructure within virtual networks and by drawing on the great detail you can access at the costing level.
4. You have unlimited elasticity. Running inside a public cloud environment, you’re able to consume unlimited capacity as needed. Today, we scale up and down thousands of times in a day while we handle peak loads or run experiments. That’s valuable to us and very difficult to achieve in a private cloud environment.
5. You have access to cloud-native services. As our providers continue to innovate and offer new services built for the cloud, it’s clear that they would be difficult for us to match in a private cloud. Why should I figure out how to create Hadoop as a service internally when someone has done this for me in the cloud?
Lance Weaver is the Chief Technology Officer for Cloud at GE Corporate. His organization is responsible for the architecture, design and implementation of GE’s Industrial Internet and Enterprise IT global strategy leveraging Public, Private and Hybrid Clouds. In his prior role, as CTO of GE Appliances and Lighting, Lance was responsible for the overall technology vision of a $9B division of GE, leading a 400-member global team delivering core infrastructure services, application middleware and data analytics. Lance has also held several additional roles for divisions of GE, including Executive Director – Application Infrastructure, IT Operations Leader and Chief Information Security Officer. Prior to joining GE, Lance was a consulting engineer for ten years, designing, selling and implementing infrastructure solutions for a broad range of customers. Lance holds a Bachelor of Science degree in Criminal Justice from Truman State University.