Additional Principles
Always Aim for API-Centric Integration
APIs are the preferred way of performing cloud integration.
What value does this principle offer?
- APIs are the bridge between business processes and services for the backend implementation.
- APIs define a clear standard for inter-process communication for applications.
- Modern REST-based APIs provide a simple and easy integration method.
What are the implications of applying this principle?
- Use APIs and the API platform to avoid exposing backend APIs directly to customers and external applications.
- Use platform solutions for Cloud-to-Cloud and Cloud-to-On-Premise integration.
- Define an API platform as an abstraction of the real backend APIs – Do not expose real API to the internet.
- Document APIs for both internal and external use.
- Define security and usage governance for all APIs.
Ensure Maximal Data Security
What value does this principle offer?
- Data security protects digital data from destructive forces and the actions of unauthorized users.
What are the implications of applying this principle?
- Encrypt customer data.
- Protect systems, data, and technologies from unauthorized access and manipulation.
- Restricting access to information must be identified and implemented at the data level, not at the application level.
- Open sharing of information, and the release of information via relevant legislation, must be balanced against the need to restrict the availability of classified, proprietary, and sensitive information.
- It is important to consider data security for data at rest and in transit.
- The management and governance of encryption keys should be in place from the very beginning.
- Consider the management and lifecycle of encryption keys. This includes generating, rotating, and archiving the keys.
Emphasize Strong Identity Management
What value does this principle offer?
- Unified access management enables users to leverage their core identity. They can then connect to all their IT resources – including systems, applications, files, and networks, regardless of platform, protocol, provider, or location.
- Unified Identity Management simplifies administration, reduces costs and operational complexity, improves the end-user experience, and improves organizational security.
What are the implications of applying this principle?
- Manage all users and identities in a central (optionally federated) identity management system.
- Deploy an IAM solution to manage identities for cloud and on-premises applications in enterprise-grade hybrid deployments.
- Cloud SSO - Synchronize user identities from on-premises Identity Providers.
Commit To Authentication, Authorization & Accounting
Make it easy for users to acquire and provision access. Make it easy for managers to review and revoke access.
What value does this principle offer?
- Enterprises need to ensure users have sufficient access privileges to perform their job functions, but it’s also vital for compliance and security reasons to constrain such access.
- Accordingly, enterprises must make it easy for users to acquire and provision access and easy for managers, resource owners, and system administrators to review and revoke access.
What are the implications of applying this principle?
-
Authentication, Authorization and Accounting are basic security concepts. Understand and describe how the different concepts are managed from a central point.
-
All privileges need to be assigned via centrally managed roles for separation of duties.
-
Use solutions for centralized management of accounts, as well as for monitoring and analytics purposes.
Put Special Focus On Cloud Management & Monitoring
Give the organization the data required to understand the status of the system, and the capability to quantify progress towards business objectives.
What value does this principle offer?
- Monitoring allows the business to measure and collect KPIs on the systems and business performance. In turn, this allows the business to make relevant decisions.
- Management allows the business to act on business decisions and change the infrastructure, application and business processes.
What are the implications of applying this principle?
- Governance is required for management and monitoring. Define what needs to be monitored and managed. The effort must support a business reason or benefit.
- Cloud infrastructure, platforms, virtual machines, containers, and applications (all assets) must be managed and monitored, primarily for performance, availability and security.
Simplify Issue & Incident Management
When an incident occurs, restore routine service operations as quickly as possible, and minimize the business impact.
What value does this principle offer?
- Issues and downtime on systems will impact the business. Revenue loss and reduction in customer satisfaction are a real possibility. Optimized issue and incident management aims to reduce or eliminate these risks.
What are the implications of applying this principle?
- Define 1st level, 2nd level and 3rd level support organization/responsibilities
- Define escalation and interference with service management processes, such as Event Management and Problem Management
- Define metrics and SLAs.
Establish Cloud Security Operations Center
A centralized unit that deals with security issues on an organizational and technical level.
What value does this principle offer?
- The consequences for businesses that experience data breaches are severe and increasing. This is mainly due to the increased regulatory burden for notification of the individuals whose data has been compromised.
- Notification requirements and penalties for businesses suffering a data breach differ with the jurisdiction.
- The SOC supports the business to reactively and proactively analyze and manage security threats.
What are the implications of applying this principle?
- The IT department need to create either a virtual or dedicated SOC. This can include dedicated facilities and teams fully managed in-house in a distributed model.
- To manage threats, Infrastructure, security management, and analytics tools are needed.
- Proactively identify security issues using AI before any damage occurs.
Consider The Solution Lifecycle
Addressing the full life cycle of an information solution, from inception, through maturation, to its eventual disposal.
What value does this principle offer?
- As solutions mature, they should not disrupt the business.
- All maturity changes should be delivered as smoothly as possible.
- Delays in new versions and features might impact the business. Customers promises, or expectations, might not be fulfilled on time.
- Continuous Delivery of new features is required.
What are the implications of applying this principle?
- A solution needs a defined lifecycle, including implementation, operation, and new developments for the future.
- A Solution Architecture Board should exist to define the future roadmap of the solution.
- Tools for Application Lifecycle Management (ALM) are needed to document the lifecycle. Examples include; JIRA, GitLab, Mylyn.