enterprisesecuritymag

Outcomes Rising from the IT Roadmap Leveraging Microsoft Azure

By Chad Leverenz, Vice President, Information Technology, Mercy Housing

What does your roadmap entail?

What outcomes are you targeting?

The following are outcomes for the typical IT roadmap utilizing Microsoft Azure enterprise cloud computing:

The demise of LANs and corporate client VPNs

Local Area Networks (LANs), where clients and servers are on the same private networks, are relics of the initial Age of Computing. The future consists of one-to-one relationships between each client node and cloud endpoint over the Internet. Endpoints might be services including applications, file repositories, databases, portals, collaboration hubs, and microservices. Furthermore, there will be no need for client nodes to join a legacy domain and no need to VPN into a network. IT administrators will neither need to access nor manage the actual server operating system, server patching, or backup software. IT departments will not need to image desktops, patch client operating systems, deny employees local administrator access, or worry about installed anti-virus applications. Why?

Enterprise cloud computing removes the need for virtual machines (servers) and therefore server operating systems, backups, and patching. Client nodes do not need to join the LAN or a legacy domain, nor do they need to VPN into any network, because of these one-to-one relationships with the cloud endpoint. Client nodes do not need anti-virus (though I would still recommend it) because cloud endpoints scan every object that is inbound or outbound, uploaded or downloaded, and accessed or exfiltrated by using anti-malware, anti-virus, network security groups, access control lists, VNet peering, advanced threat protection, and Data Loss Prevention (DLP) rules.

This future state works because all cloud endpoints for this organization are browser agnostic, operating system agnostic, and client agnostic (mobile, tablet, laptop, desktop, virtual reality, etc.). The cloud endpoints use TLS 1.3 and SSL certificates, so data in transit is encrypted. The client nodes have DLP enforced against them so that they cannot store documents locally (Intune rule for Azure-joined clients) and are forced to use OneDrive in Online-Only mode. Therefore, client nodes do not need to be backed up, imaged, joined to the domain, or patched. These are truly BYOD assets that the employee purchases as their device of choice.

The rise of Cloud Printing

Since we do not need LANs, domains, and VPNs to support corporate client networks, it is challenging to think about the rise of cloud printing and the lack of a solution in today’s world. Today, when you print in a corporate network you typically use private IP addresses, LAN technologies (switches, routers, VPNs, etc.), print connector services, and a small army of expensive assets that print in color.

In tomorrow’s high rises and commercial property management firms, printers will be positioned strategically on each floor to accommodate the pay-as-you-print model. Each printer is attached to the commercial property WiFi network, and hence through the internet to the cloud printing provider (I’ll call it AcmePrintCo). AcmePrintCo is a cloud service that can take your company’s employee user accounts (UPN via Azure-joined, not domain-joined) and allow secure-release printing to any printer on its network across the world (hotels, commercial, doctor’s offices, grocery stores, malls, pharmacies, and retail stores). AcmePrintCo owns the printers, so organizations will not need to invest in this capital expense. You, the consumer, pay for the output (e.g. one page of color = $0.5 charged to your credit card on file). You simply use the mobile app to log in, send the job from your cloud file repository, and pick it up where you want it using secure-release.

Your organization has no printers because it is not in the business of IT hardware anymore (no computers because of BYOD, no printers because of AcmePrintCo, no Local Area Networks because of cloud services, no VPNs, no servers, etc.). There is very little IT hardware needed for each organization: a few very high-powered Wi-Fi access points, switches, firewalls, and internet circuits that fit in a small closet with adequate cooling are all that is needed to make most large offices adequately capable of enterprise cloud computing.

The absence of thick-client applications

Thick-client applications, like those that you download to install, are going away. They have been “going away” for the past 20+ years but it still hasn’t completely happened. We still download and install Office applications, FTP clients, Citrix clients, PDF applications, and other tools like ERPs, CRMs, Fundraising, etc. The drive to migrate them to web-based apps is picking up significantly and those that get there first will reap the rewards due to aggressive IT department roadmaps.

Microsoft is quickly migrating its Office applications to the Internet, yet full functionality is still in progress. PDF makers are working on web-based solutions, and ERP, CRM, and Fundraising providers are quickly making strides as well. In the future, there is no market for apps that you download and install. BYOD, mobile, tablet, laptop, virtual reality devices, and future nodes will not be a factor in accessing and utilizing the apps.

The demand for cloud skills (DLP, Micro Services, Customer Services, InfoSec Quality Auditor)

IT departments and the skills to maintain them are rapidly changing. Gone are skills like network administration, system administration, application administration, backup and restore management, server management, storage area network management, and hypervisor management. In fact, I would argue that gone is the need for typical IT organizational charts like Tier-1, Tier-2, and Tier-3. In today’s sophisticated cloud-based Technology teams, we need people who can do all of the following well: customer service (still number one), Information Security, cloud administration, Software-Defined Networking, quality auditing, DLP rule writing and testing, and Micro Service rule writing and testing. These are the skills we need to develop and grow as we finish migration into enterprise cloud computing.

By implementing an enterprise cloud computing platform, there are no servers nor virtual machines to manage, no client nodes to manage, and very few hardware assets to manage. Locally installed software will be gone, anti-virus will be incorporated in all things cloud, and employees will use the device they choose to purchase. IT will transform from nearly all CapEx to nearly all OpEx and the employee skills will be the most valuable “asset” in the department. This is our roadmap and the outcomes we are realizing.