BizTalk Services, Azure BizTalk VM and On Premises BizTalk
There are three completely different approaches to locating your Microsoft BizTalk integration engines, each a way to face today’s fast-paced business environment and to help companies increase efficiency and decrease costs. Those approaches are:
BizTalk Services (PaaS) – Azure BizTalk VM (IaaS) – Traditional on-site (On-Prem)
In our last session we talked about Technical Expertise Required. Today we are going to cover Regulatory/Legal Considerations and Security Issues.
Regulatory/Legal Business Considerations
If you are in an industry that is regulated, you need to fully understand the requirements of those regulations before you can consider moving your business to the cloud. This holds true in highly regulated industries like Healthcare (HIPAA), Pharmaceuticals (FDA), Airline (TSA, FAA), and Financial Services (SEC, Dodd-Frank) as well as in other less regulated industries.
As is often the case, the letter of government agency regulation lags behind the progress of technology. While there are some regulatory frameworks that now take into account the availability of cloud based integrations, the vast majority of them do not speak to the issue directly. This leaves the viability of cloud based solutions to the discretion of your individual auditors. This fact makes it highly recommended to have a discussion with your auditors before deciding to move your integration engine to the cloud . . . if there is potentially an issue, much better to find out about it before a move, than after a move, during an audit.
If you are working in a highly regulated industry (or even a less regulated industry that still has some controls, like SOX, or if you are part of a publicly traded company that needs to be able to report to shareholders), do NOT underestimate the importance of clearing any cloud based integration plans with your auditors. Remember that a preferred technology solution is always going to lose when in conflict with a regulatory requirement, and you don’t want to be on the losing side. Find out for sure, before you make the decision that best fits your business.
Security Issues
Security issues related to the cloud are many, complex, and the subject of considerable debate within the technical community. Much of that debate results from considering only a single aspect of the complete security picture, rather than assessing security as the holistic issue that it is.
In short, the three alternative locations for BizTalk to be hosted (On-Prem, BizTalk Services or PAAS, and Azure BizTalk VM or IAAS) do not offer significant security advantages or disadvantages when compared to each other . . . but the areas of potential vulnerability vary depending on the approach selected.
On Premises BizTalk
Application Security
Steps taken within an application to support and reinforce the security policies of an underlying system.
There is no significant security advantage to BizTalk On-Prem vs your other alternatives – UNLESS – you are integrating the security and access features of BizTalk with other security protocols that you are also running On-Premises.
In this specific circumstance, it can be easier to configure your BizTalk security setup to use the same single-sign-on you are using elsewhere. If you do not have this one particular circumstance . . . no advantage.
Information Security
Safeguarding sensitive information from illegitimate access or usage.
There is no significant security advantage to BizTalk On-Prem vs your other alternatives. Any encryption that you wish to use is equally applicable in all three scenarios.
Network Security
Comprehensive security policies for monitoring access and thwarting any unauthorized access to network services, or interception of data being transmitted between systems.
This is one area where an On-Prem installation can present security advantages for you, if all of your integration points are also on the same network, and not exposed outside the enterprise. The premise here is that your integration engine, and ALL the points that engine is integrating, all fall within the same local network.
In that particular case, network traffic would never travel outside the LAN, thereby presenting a security advantage for an On-Prem installation. This particular circumstance would prove to be somewhat unusual; in most typical scenarios, no advantage.
Disaster Recovery/Business Continuity
The process of planning and being able to implement plans to allow computer systems operations to continue in the case of an unforeseen circumstance; usually involving back-up copies of data, and/or redundant systems.
DR actually presents some distinct disadvantages for an On-Prem installation, as the installation, operation, and maintenance thereof would need to be handled internally . . . whereas in both other scenarios backup and restoration is an included part of the service offering.
Physical Security
Physical access-based security of computer systems, back up media, communication devices, and other related resources.
Physical security presents no inherent advantage for an On-Prem scenario (making the assumption that the physical security measures in place at your datacenter are the equal of Microsoft’s at their major datacenter operations).
In the more likely scenario, the physical security and access control measures that Microsoft has in place will prove to be far superior to those available to most (even large) enterprises. Given that, odds are that physical security is a disadvantage for an On-Prem installation.
BizTalk Services (PAAS)
Application Security
Steps taken within an application to support and reinforce the security policies of an underlying system.
There is no significant security advantage to this approach as compared to other alternatives.
Information Security
Safeguarding sensitive information from illegitimate access or usage.
There is no significant security advantage to BizTalk Services (PAAS) vs your other alternatives. Any encryption that you wish to use is equally applicable in all three scenarios.
Network Security
Comprehensive security policies for monitoring access and thwarting any unauthorized access to network services, or interception of data being transmitted between systems.
There is no significant security advantage to this approach as compared to other alternatives.
Disaster Recovery/Business Continuity
The process of planning and being able to implement plans to allow computer systems operations to continue in the case of an unforeseen circumstance; usually involving back-up copies of data, and/or redundant systems.
As the backup and alternative server locations that are needed for DR scenarios are inherent to a BizTalk Services (PAAS) scenario, this approach presents an advantage in comparison to an onsite installation, and is equivalent to an IAAS installation.
Physical Security
Physical access-based security of computer systems, back up media, communication devices, and other related resources.
Physical security presents no inherent advantage for a BizTalk Services (PAAS) scenario (making the assumption that the physical security measures in place at your datacenter are the equal of Microsoft’s at their major datacenter operations).
In the more likely scenario, the physical security and access control measures that Microsoft has in place will prove to be far superior to those available to most (even large) enterprises. Given that, odds are that physical security is an advantage for a BizTalk Services (PAAS) scenario as compared to an on-site installation.
Azure BizTalk VM (IAAS)
Application Security
Steps taken within an application to support and reinforce the security policies of an underlying system.
There is no significant security advantage to this approach as compared to other alternatives.
Information Security
Safeguarding sensitive information from illegitimate access or usage.
There is no significant security advantage to BizTalk Services (PAAS) vs your other alternatives. Any encryption that you wish to use is equally applicable in all three scenarios.
Network Security
Comprehensive security policies for monitoring access and thwarting any unauthorized access to network services, or interception of data being transmitted between systems.
There is no significant security advantage to this approach as compared to other alternatives.
Disaster Recovery/Business Continuity
The process of planning and being able to implement plans to allow computer systems operations to continue in the case of an unforeseen circumstance; usually involving back-up copies of data, and/or redundant systems.
As the backup and alternative server locations that are needed for DR scenarios are inherent to a BizTalk Services (PAAS) scenario, this approach presents an advantage in comparison to an onsite installation, and is equivalent to an IAAS installation.
Physical Security
Physical access-based security of computer systems, back up media, communication devices, and other related resources.
Physical security presents no inherent advantage for a BizTalk Services (PAAS) scenario (making the assumption that the physical security measures in place at your datacenter are the equal of Microsoft’s at their major datacenter operations).
In the more likely scenario, the physical security and access control measures that Microsoft has in place will prove to be far superior to those available to most (even large) enterprises. Given that, odds are that physical security is an advantage for a BizTalk Services (PAAS) scenario as compared to an on-site installation.
Come back next week, for the next installment of this discussion!