Enterprise collaboration patterns
Many organizations face huge legal and technical challenges in arranging for hosting of data and applications in ways that are agreeable to all parties of a collaboration, because the entity hosting the data can exert control by means of network/physical access.
Accelerating Joint Ventures & Strategic Alliances
To sustain research innovation there is a growing realization and acceptance that companies need to identify sources of knowledge and expertise outside of their own organization. Traditionally, many organizations faced huge legal and technical challenges in arranging for hosting of data and applications in ways that are agreeable to all parties of a collaboration, since the entity hosting can essentially exert control over the data by means of network/physical access.
Modern cloud IaaS and PaaS solutions have the potential to deliver new technical capabilities that can solve many of these barriers. Here, we outline some of the challenges in creating collaborative environments with cloud infrastructure and show how Turbot Guardrails can help companies overcome the technical complexity of enabling rich collaboration networks. Turbot Guardrails Software Defined Operations Platform ensures that all parties have visibility to, and management of, key controls that enforce policies and contractual obligations in these collaborations.
Patterns of Cloud Collaboration
Collaboration is such a broad term that it is necessary to name and define the specific use cases of interest before discussing approaches to enable them. In this paper, we focus on patterns that involve collaboration between organizations or across departments within organizations; IaaS/PaaS technology will undoubtedly have a significant impact on social collaboration, but that topic is not covered here. Instead we will define and discuss the following organizational collaboration patterns and how Turbot Guardrails Software Defined Operations Platform can accelerate implementation, access, compliance, audit and control for all parties involved:
- Remote Data Analysis: This pattern uses desktop virtualization to co-locate computing and datasets for global teams.
- Cross-functional Collaboration: Within the enterprise, data ends up collecting in silos due to organizational and budgetary processes. Cross-functional collaboration scenarios seek to use cloud as a mechanism for facilitating data-sharing between these silos without the need to move data.
- Multi-Party DevOps: These capabilities enable large enterprises to collaborate with system integrators who are building, configuring and deploying software into the enterprise’s managed and controlled virtual private cloud (VPC).
- Precompetitive Research & Consortia: In many research-intensive industries, companies are creating controlled spaces for researchers from different organizations to collaborate on and share applications and data.
- Joint Ventures & Strategic Alliances: These environments support co-owned hosting & software development capabilities that result in joint IP, where assets are managed via tightly controlled policies tied to specific contract obligations.
Remote Data Analysis
Massive datasets create data gravity issues for global teams. End-users close to regionally hosted data have a huge advantage in performance, giving them the ability to use the latest productivity-enhancing data visualization tools on their desktop, while other regions must either request data extracts for offline processing or deal with productivity-killing bandwidth and latency issues.
Enterprises typically solve this problem by deploying costly, server-based business intelligence platforms that allow end-users to access their reporting and BI through a hosted web-application. The cost of licenses, infrastructure and support of these platforms forces an enterprise to standardize, resulting in a loss of agility and inability to use the latest and greatest open-source and commercial data tools.
The Turbot Guardrails approach to solving this pattern is to co-locate compute, storage and data into a single cloud region, giving global teams the ability to leverage modern cluster-based high-performance computing capabilities like Apache Spark, Redshift and EMR.
In addition, Turbot Guardrails enables point-and-click integration with Amazon WorkSpaces and EC2 to deploy Windows and Linux workstations directly into the data lake’s VPC. This allows end-users to remotely log in to a desktop environment and run their favorite data visualization tools (e.g. R or Tableau) on live data with massive network bandwidth and low latency.
These high-performance virtual workstations run on demand, are paid for hourly, and are equally performant for all global users. Best of all, the enterprise can easily allow customization of the tooling to match each user’s experience level and skill set.
Cross-functional Collaboration
Solving the issue of cross-functional data silos in the enterprise often involves costly, complex and brittle data integration work. Many users resort to extracting and copying data from systems to their desktop for analysis. This creates both security risk (from lost or compromised systems) and business risk from making decisions on stale data.
Turbot Guardrails can help your enterprise break down these silos using a hierarchical policy engine, time-limited grants and a trusted accounts model, allowing data scientists controlled access to data where it lives.
Turbot Guardrails can easily federate responsibility for sharing data across accounts to the owners of data without granting unfettered access to production systems.
Turbot Guardrails provides point-and-click management of VPC peering, S3 trusted accounts, IAM cross-account roles, and RDS database users and roles.
These actions and grants are fully audited and can easily be monitored through third-party data protection and security events monitoring software. With Turbot Guardrails, users have the ultimate in self-service while the enterprise maintains full control.
Multi-Party DevOps
A key pain point for multi-party collaborative application development is program startup. Onboarding vendor resources, configuring and deploying development environments and setting up networking with third parties can easily take months to execute, reducing enterprise agility and value creation.
Utilizing native cloud services (e.g. the AWS Console and APIs) in conjunction with Turbot Guardrails enterprise controls, the system integrator can be granted access to a cloud development account before the ink is dry on their statement of work. This account will be fully managed by automated guardrails configured to meet enterprise policies. Turbot Guardrails ensures that the combined project team develops the application under full enterprise policy management, with federated authentication and access to core corporate resources (e.g. AD, DNS, NTP, Version Control, Databases & APIs).
Segregation of duties can easily be maintained (and audited), as the developer only has access to the environments needed. That said, the enterprise always has the option of granting developers time-limited privileges within quality-assurance or production-deployment environments to facilitate emergency break-fix or troubleshooting.
Turbot Guardrails Software Defined Operations platform also accelerates and automates networking setup using secure implementation patterns, best practices and network guardrails for all these inbound access patterns:
- Direct inbound Internet access
- Private virtual desktops using Amazon WorkSpaces and Linux bastion servers
- B2B VPN via the corporate network
Precompetitive Research & Consortia
Many businesses are looking to precompetitive collaboration to foster innovation and share the cost of basic research. The members of these consortia share data, process and methods that are essential to industry-wide innovation but provide little competitive advantage.
A core challenge of these types of collaborations comes from the need to balance the individual interests of each party while maximizing the benefit achieved from collaboration. This friction often manifests itself by slowing down the implementation and setup of a consortium.
“The political science precedes the real science. Consortia such as the Biomarkers Consortium and the Serious Adverse Events Consortium took at least 18 months to get off the ground. To establish a contract, the views of multiple parties need to be reconciled.” -- Aidan Power, VP Molecular Medicine, Pfizer
The Public Cloud and Turbot Guardrails jointly solve many of these concerns by providing a trusted hosting location for consortium data, intellectual property and shared computing resources. Turbot Guardrails provides industry-standard mappings to common compliance frameworks like GxP, NIST, PCI and HIPAA. These out-of-the-box starting points can accelerate policy decisions regarding data protection, privacy, security and network setup.
Turbot Guardrails multi-directory authentication capabilities allow the administrators of the consortium to connect members to data and computing resources (including Virtual Desktops) through federated access to each member company’s own directory service (e.g. AD, LDAP or SAML). Members of the consortium can use their existing network credentials to authenticate, greatly simplifying on-boarding processes and ensuring that once a person terminates employment from a member company, they can no longer access the shared resources of the consortium.
Joint Ventures & Strategic Alliances
Companies create joint ventures and strategic alliances to share access to their technology, research and other assets. This often entails sharing vast amounts of data and jointly collaborating on application development to exploit the benefits of a partnership.
These types of data and application-centric collaborations can leverage the capabilities and benefits across all the previously discussed patterns:
- Acceleration from Turbot Guardrails networking and collaboration patterns
- Federation of user authentication across multiple directories
- Virtual workstation technology to ease onboarding and control data egress
- Strong and transparent cross-company logging and audit capabilities
- Mappings to industry standard control frameworks (e.g. NIST, PCI, GxP, HIPAA)
- Preventative, Detective and Corrective Controls based on joint policy decisions
- Point & click management of time-limited access grants
- Peering trust models that allow data to be shared across accounts