Managing Cybersecurity Risks in the Cloud
By Brian Nichols, director, Baker Tilly
The great migration
While the idea of cloud-hosted infrastructure may seem new, organizations have been outsourcing management of their infrastructure for decades. Organizations that no longer wanted to manage the physical aspects of their computing and network infrastructure moved to outsourced data centers, where their infrastructure was co-located with that of other customers and separated by metal cages. While the organization retained responsibility for the management of its own servers, it no longer needed to focus on the day-to-day administration of internet connectivity, power, back-up generators and physically securing the data center facility.
As technology companies saw their demands for computing resources exponentially escalating, a new business opportunity arose. Technology companies could plan and build far greater capacity than they needed, then sell that excess capacity to other organizations – a concept now known as Infrastructure-as-a-Service (IaaS) solutions. Organizations could purchase on-demand computing and network resources without building their own on-site data center or committing to a long-term co-location agreement. Thus, the great migration to the cloud began.
Understanding the cloud’s unique capabilities
Cloud-based services have many aspects; we outline three of their greatest and most distinctive capabilities below:
- Invisible hardware – When you set up your cloud account, what may seem strange at first is that the hardware layer of building a data center has become invisible. You still must select the computing specs for your server (number of CPU cores, GB of RAM), but you do so within a web interface that automatically builds your server. It is the same when you select your storage capacity; once selected, it is provisioned automatically to your server instance through the invisible hands of your cloud provider’s backend management services. What used to entail racking-and-stacking of multiple, different physical components now all occurs after a few drop-down selections. The physical aspect of data center operations now becomes invisible to the end user.
- Auto scaling – Along with the invisible hardware comes a semi-new idea of auto scaling. Those of you who are familiar with system architectures will understand that system and network engineers have been building scalability into their designs for years. Scalability was mostly achieved through load balancing and clustering of systems to create a more resilient and efficient system architecture. However, cloud-based solutions have made this easier with the ability to automatically deploy (or suspend) new server instances on an as-needed basis. There is no more tedious capacity planning and no more human interaction required to add a new system to the cluster or set up a new IP in the load balancer, because the cloud provider’s native services allow you to set thresholds that will scale in or scale out based on predetermined metrics. This creates a more efficient and cost-effective system.
- Non-standard computing solutions – Taking the idea of invisible hardware and auto scaling one step further, cloud services introduced us to server-less computing services that no longer require the user to set up an operating system or even install an application. Server-less services are similar to auto scaling as they are triggered based on a predetermined set of factors; however, they do not stand up a new server instance in order to process a transaction. These server-less functions are one of the most powerful new tools within a cloud-based solution because they only execute when triggered and the organization only pays for the computing power when the function is used.