Understanding the technical architecture of digital infrastructures is critically important, in particular for non-technical professionals.
I have spent more than a decade educating people on cloud security, for example through certifications such as the Certificate of Cloud Security Knowledge (CCSK), organized by the Cloud Security Alliance (CSA), and the Certified Cloud Security Professional (CCSP), as organized by (ISC)2. These bodies of knowledge cover a lot of ground, and most of it is related to digital infrastructures at scale.
My students come from many different backgrounds, each bringing with them a unique set of experiences that color their understanding of the way the cloud is managed and controlled. This is the reality in practice, because secure cloud adoption is a team sport where diverse backgrounds count in order to reduce the risk to organizations.
What is technology architecture?
Architecture is often used to mean the overall structure of something, and technology architecture then describes how various technology components fit together.
Cloud computing, in my opinion, does not have that much new technology. Most of the technology we have today was already in existence before the advent of cloud computing. Today, a common characteristic of the technologies that are relevant for cloud computing is the fact that they facilitate resource pooling and interconnection of systems. Resource pooling is an essential characteristic of cloud computing, and a technology such as server virtualization helps implement that sharing. But server virtualization should also guarantee proper separation between otherwise independent cloud tenants.
Technologies such as APIs and federated identity management allow the cloud to be made up of a lot of collaborating independent companies. This helps create an IT supply chain. Your average company has hundreds of SaaS suppliers who in turn use hundreds of other cloud companies to help them deliver their services. APIs also enable the essential cloud characteristic of automatic self-service provisioning. For example, through APIs we can set up auto-scaling services. Again, this is a tool in building the IT supply chain.
Beyond the company boundary
The new thing that cloud computing brings is sharing between independent companies, interconnecting different, independent providers and automating that. The whole technology architecture now spans the IT supply chain. This has big governance and security implications. For example, when that collaboration or isolation fails, we cannot escalate these problems to our own CTO or CIO to resolve them. These problems are not confined to a single company anymore. They have to be resolved between companies.
The technical collaboration between companies will only work with proper contracts and management processes. This has to be set up in advance, instead of figuring out how it works later, as is so common inside an enterprise. And the people whose competence is to review these contracts and set up the service management processes therefore must understand how the technology enables that collaboration. That is why technology architecture is so important for less technical people. And that is also why it can be hard. The CCSK body of knowledge focuses specifically on how cloud technology architecture has an impact on cloud management, in particular on cloud risk management, and that makes it a great tool for building effective cloud adoption teams.
Even those who are not involved in day to day technology decisions should still have an understanding of it, because in today’s world, it does matter to them. This always reminds me of a World War 1 quote from the french Prime Minister Georges Clemenceau.
War is too important a matter to be left to the military.
(La guerre! C’est une chose trop grave pour la confier à des militaires.)