Cloud Conversation: An Engineering Perspective
J. Bendonis, Security Architect at Technium, and Gary Cutbill, Principal IT Consultant at iuvo Technologies, had an open dialogue about cloud security during our live event in July. The engineer-led event was designed to help those who are migrating to or are already in the cloud improve their environments. Security of your data in the cloud is your responsibility, not the cloud provider's, so who better to learn from than engineers who build, improve, and manage the security of cloud environments every day?
Here’s the rundown from Cloud Conversation: An Engineering Perspective…
Lift and shift: This means taking a data center you manage in-house (e.g. software, hardware) and copying it directly to your cloud data center. This is not good practice for a company, because the cloud environment needs to be set up with its own security features.
Cloud is just outsourcing: From an operating standpoint, the cloud allows you to eliminate, or reduce, capital expenses because cloud is an operational expense. This should be a fraction of the cost compared to your former in-house expenses.
Set up different environments:
- Engineering environment (Dev, DevOps): Have the ability to deploy through automation, while also allowing engineers to deploy and adjust by hand. Once they adjust, they should write the correct code that pushes over to QA for formal repetition and testing.
- QA environment: Let people log in, test, and debug as needed. Once approved, the code should be pushed to the production environment.
- Production environment: The place where all accurate code runs. Almost no one should go into the production environment. Code should have gone through the engineering and QA environments before it is automated and launched.
Shared security model: We know you know—security in the cloud is your responsibility. You can solve this problem by setting up the different environments listed above where there are security boundaries and segmentations.
Data breaches: What is your brand worth? Your ability to sell, stock prices, ability to go to market, employee confidence and retention, and many other factors play into the cost of a breach. Make sure you keep your data protected in all of your cloud environments by setting them up correctly. Doing a “lift and shift” increases your risk of a breach, because the cloud environment needs to be configured differently.
Utilize endpoints, virtual firewalls and VPCs: Approximately 1ms of latency is added after you set this up. When mapping out your cloud environment, it will look like there are redundancies and extra connections; this is necessary and will not increase your latency.
Never host email in the cloud: Running an Exchange server on-premises is expensive, but it should not be hosted in the cloud either. To keep email secure, use a SaaS application. SaaS applications allow you to pay per user rather than per hour, as you do in the cloud. You also gain access to new features without paying the overhead of building them internally.
Choosing your cloud provider: What do you, your company, or your developers know? Do not pick the most popular cloud provider; the efficiency of the user is more important. Identify the abilities and limitations of your team and compare them against each cloud provider's features and services. This will allow you to strategically choose a provider that allows your team to start building on day one and offers features you will actually use. Also, identify where your regions and the cloud providers' regions are in order to map out connectivity.
We encourage you to watch the recording of Cloud Conversation: An Engineering Perspective to hear the full details of the recap above while enjoying the rapport between our two featured engineers.