Grimlakin
I've been in the IT arena for a long time. 100% of my professional working career at the age of 46... is all in IT. My interest started in personal computing and gaming and has sprawled out to be pretty much any and everything in the IT arena. The latest trend is putting every **** thing in the cloud. And if you understand what the cloud is and how interconnected it all is, you too are probably worried about sensitive data that exists in the cloud and its connectivity into your on-premise systems, and if you're not... you should be.
Allow me to explain something that many C-level executives don't get and for the most part put up with from us that are more security aware. If you have something in the cloud, I don't care what cloud service you are using, or why you are using it or how 'locked' down you think it is, there are people outside of your trust circle that can access your data. This isn't a probably; it is a 100% guarantee. If your servers can shift between hosts, they have access to your data. If your data is 'protected', they have access to your data. Further, the trust circle that has access to your data is well outside of your control. Even if the data is top secret, if your company's security policies take things into account that a top secret clearance does not, then your data is with people you probably don't want to access it, at least not without knowing.
But let's presume for the sake of argument that your data isn't that important to the company for some strange reason. Let's go with the stability of service. Is the cloud more stable than what your company can stand up for a cost? This depends completely on your company's size and need. You get too large, you can't live only in the cloud. Cloud scales very well to small up through large businesses. But much beyond that, the cloud then becomes a part of your environment, not the whole of your environment, and that is a problem.
How is the cloud being part of or all of your environment a problem? Let's break that down in a couple of ways from a security standpoint.
1. The cloud is a shared service. Meaning your software (servers) are running on the same servers as other companies' software (servers). If they were running Intel CPUs, as an example, before the memory access vulnerability was discovered, your data could have been pilfered by someone who compromised someone with lesser security. Your level of exposure to that breach may have been minimal based on what the server was doing... but what if that server were your cloud-based Domain Controller to expedite logins to company websites hosted in the cloud with federated login managers? Is that data you're comfortable with being in the cloud still?
2. Larger cloud deployments are actually multi-cloud: Citrix cloud services, Azure, Amazon, Google, and private clouds are all interconnected today with geo-fencing and other interesting technologies to make sure the end user experience is as good as it can be. For non-secure data this is great. For everyone else... your data is ONLY as secure as the LEAST secure server or LEAST complex administrator-level password in the cloud in your shared services... across ALL of your cloud platforms, AND, if you have it, local platforms as well.
So if you've been asked to push everything to the cloud because you can, please remember an adage my team tries to live by. Yes... SURE you CAN do it... but SHOULD you?
Today, companies have every **** thing living in the cloud, including secure data in just document storage.
We are one big breach away from people realizing how vulnerable their data is. And when that happens, the legal system will be FLOODED with corporate lawsuits in the 10s if not 100s of billions of dollars in damages.