When I think of the most mission-critical on-premises secure installation scenario of all time, my mind immediately wanders to silos. Missile silos, to be exact.
If there ever was a reason to be absolutely 100 percent sure a system was inaccessible to the outside world, and thus positively unhackable, it would be to prevent an unauthorized launch. Any software update that happens in that control room had better be hand-installed from a disk and checked by an individual with a high security clearance.
Granted, most of us don’t have to sweat the global consequences of a WarGames-style nuclear brinkmanship event if our business software isn’t securely air gapped.
Still, it wouldn’t hurt to take a page from the missile-command playbook in thinking about your organization’s mission-critical environments to understand when on-prem air gap installations provide the best balance of risk avoidance and value for critical systems.
What are some of the most compelling use cases for on-prem air gap software installations?
I hear rosy cloud-based growth projections from independent software vendors (ISVs) on a daily basis. Every one of them touts the impressive sales growth stats of their latest SaaS or cloud offerings in relation to their existing on-prem business.
You can’t blame vendors for wanting to position themselves as ‘modern’ for IT analysts and investors, touting that they are selling service-based software — but for security, compliance, and control reasons, real-world businesses demand modern software delivered on-premises.
Among many other surprising facts revealed in the 2021 State of On-Prem study was that almost all ISVs (92%) are reporting increased sales of on-prem software to customers, and at least half of them reported ‘strong growth’ in sales!
The side benefit? Effective air gapping also solves the complex problems of ensuring that software configuration is performed consistently, that IP is protected as needed, and that usage is properly privileged at the point of distribution.
Have you ever used software with a ‘remote update’ feature that routinely checks for updates and licensing status — only to cut off the session if for some reason the registration server is unavailable, or the network connection is down?
That vendor is telling its customers that they don’t trust their own installation packages and, to top it off, is preventing those customers from doing their work. Talk about the fastest route to customer abandonment!
Fortunately, many leading commercial and open source vendors offer modern on-prem air gap installations that fit some unique customer form factors.
If you thought my missile command story was hypothetical, how about mission control for satellites?
Kubos is a fascinating vendor tightly focused on delivering a more responsive cloud-native ground control system (called Major Tom, if you get the Bowie reference) to allow operators to interface with satellites, control them, and gain insights into real-time telemetry data from space.
Some of their customers’ ground control environments — as you might expect with such expensive hardware on the line — are entirely locked down. There are no open sockets for an install. While communication and control work happens via APIs and SaaS-style approaches, their control gateway software and updates must sometimes be remotely installed into an air gap environment.
Kubernetes, by nature, provides an excellent start to solving this exact problem, as it can act as a reference architecture of containerized microservices. It’s cloud-native, yes, but it doesn’t need to run in a cloud. Bespoke customer installs can be tightly specified as code, configuring complete multi-tier operating environments that can be bundled and consistently delivered to customers as ready-to-deploy K8s packages.
Wherever there is a need for secure data and secure operations, there’s probably an identifiable need for some aspect of that environment to be air gapped.
Just press play to start the install. It’s time to shoot down the pundits who tell you everything will move from on-prem to cloud or SaaS models.
I predict a migration to securely contained modern on-premises computing environments for our most mission-critical applications, with Kubernetes as the enabler for this encapsulation.
The market for modern on-prem is bearing this reality out today, with a renewed focus on air gapped software installations where security and total compositional assurance are of the highest priority.