Today’s businesses face information and network security challenges like never before. As the public sector draws more and more attention to security, the dark network of malicious actors and boundless numbers of oblivious users grows.
In this environment, on-premises technologies are no longer standard for many reasons, including security, hosting, reachability, availability, ease of management and cost. Businesses of all sizes are moving their resources—sometimes their most important servers—to an environment where they don’t have to manage anything that supports the operating system: the cloud.
Giant reductions in operating costs and management overhead continue to drive public and private cloud architecture towards new goals like IoT deployments and high performance gaming. Customers who have been struggling with efficiency on their LAN over multiple sites see an operational expense and jump to scope pricing and ROI for solutions that demand less resources from the company all around.
Cloud security is important to consider because it is purposefully left out of most agreements, although there is still significant cloud benefit by default.
Benefits of the Cloud
- Management becomes more tangible and reliable as a graphic interface, independent of the network.
- Safe and visible division is accomplished more easily in the cloud, allowing for easier implementation of best practices.
- Unlike the cloud, when you maintain a WAN connection from your site, that’s your chokepoint to the world. If anything impacts the performance or takes down the circuit, any activity in or out will suffer.
- Hosting applications on site or at a small headquarters means keeping up with security; maintaining compatibility and compliance; and potentially falling victim to insider activity – this can be lessened with the cloud.
- Holding key infrastructure assets in the cloud helps isolate the everyday users and devices, and creates access to everywhere from everywhere; emphasis on FROM.
The Hazy Side
Establishing IP reputation and having your certificate and domain at the same IP are tough problems to tackle for small scale, low-budget IT engineers. Other companies or people needing to interact with these systems will always have a better experience with a cloud if you’re operating at the same annual budget. Any company’s investment in cloud is a huge benefit to those potential customers who don’t have millions in capital expenses to start a project or build a strong network.
Keeping up with outages, flood attacks, ISP outages and other issues is always tougher for single sites, even with multiple WAN connections, because they are limited by physical location. Occasionally, in remote areas, a backup circuit and a main circuit will backhaul up to the same supporting connection on the same backbone. Cloud providers will always have a presence in more than one place because they know that a big portion of their value is the uptime or availability. Data centers like to brag about their uptime, and it’s a good way to entice any company, especially one with pending changes in their environment.
Completely aside from all the technical benefits of moving resources to the cloud is an evolving discussion of capital expense versus operational expenses. Technology is turning over more and more quickly, and the investment in any hardware, systems or solutions can be tough to commit to when the market is so volatile.
Often, the purchase value that hardware brings is more than the use case required for the customer in smaller companies. Larger companies will take more time to plan, analyze or reconcile, but smaller businesses aren’t always as efficient. Even if they are a well-oiled machine, the demand for functionality from hardware is usually less, resulting in a lower ROI on CapEx.
In the new billing model, OpEx is a much easier play. Taking a huge budgetary hit every year or every few years is not something that businesses do when it’s not absolutely necessary. Cloud customers live in the moment: they scale as needed, adding/subtracting services and compute power.
This model should lead to networks and customer systems with more room to deploy IoT sensors and further integrate non-digital events with data collection. By shifting most expenditure away from CapEx, it becomes easier to justify smaller devices that do not require monthly payments and illuminate business decisions.
The final development of this progression should result in better security. When resources are handled more easily, it breeds higher efficiency and shortens tedious projects, leaving room for time to improve security practices.
The root of this idea—and why it’s so important to mention in any thought about cloud—is painstakingly simple: IaaS providers like Amazon, Google, and Microsoft all have specific language in their contracts making the administrator and users completely liable for security.
Cloud providers are not going to protect from floods, malware, botnet activity or any other abuse of those systems, and this has led to a new culture of malicious actors operating in the cloud. Most of those agents who abuse cloud systems are excellent at hiding themselves in plain sight. They disguise themselves as a legitimate package, or dodge security by obfuscating code (most cloud providers who scan content at upload use signature-based security to identify known packages and are very weak to code tweaks and 0-days).
Moving between popular SaaS systems and other trusted entities lets a lot of these behaviors happen under the radar today. We must pay closer attention to file and network activity and audit cloud systems as if they’re not our own – because they’re not.
The hybrid cloud world is here to stay, and it means we need to rethink the way we do everything. With efficiency, cost benefits and security in hand, this shift should make the industry more resilient and holistically accepting of better practices all around. Remember; it’s just someone else’s computer, and how you use it makes all the difference.