Cloud Adoption CAN be bad for you … if not done right

There is no denying that the cloud is everywhere. From small startups to large enterprises, companies have reaped the benefits of the cloud: they can focus on solving the business problem rather than worrying about infrastructure, with significant cost control. According to a survey, one of the prime reasons companies migrate to the cloud is to move from a CapEx to an OpEx model and to become more agile and operations-oriented.

With the general hype in the IT industry about the advantages of migrating to cloud computing, a migration that is not thought through and executed correctly can land you in trouble. In this blog I will try to explain some of the points to consider while migrating to the cloud.

In this blog I will refer to AWS as my primary cloud provider, but the same holds true for the rest of them.

Security

Even though cloud providers like Amazon, Google and Microsoft follow industry-standard security practices and certifications, one must be careful to understand the shared responsibility of a cloud system. Cloud providers are primarily responsible for the security of their core services and infrastructure. This is sometimes called “Security of the cloud”. But the security of the customer's data, and access and role management (IAM), is a responsibility that individual customers need to set up properly (referred to as “Security in the cloud”).

AWS Shared Responsibility. Copyright: Amazon Web Services

One prime example of this was the 2019 data breach at Capital One Bank, in which the information of over 100 million users was exposed by its own employee. The data was stored in an unencrypted format, which quite possibly led to this incident. Turning on encryption on your data store could have helped in this case.

Having said this, the onus is on the customer and its design team to set up the right data security and encryption (client-side encryption) for the services it is using. Cloud providers will be responsible for the incorrect setup of the cloud infrastructure.

One of the security design principles to follow is to give users access with the least privilege. This means a user should have only the minimal access needed to the cloud services they work on. Using the right access policies is the key to secure applications, especially in big enterprise systems, where it sometimes gets tough to manage user access to services.

One incident, published as “Murder in the cloud” (2014), involved a code repository company called Code Spaces. The hacker managed to gain access to the EC2 console by physically gaining access (DDoS attack) to the AWS control panel. The hacker demanded a ransom and, when it was not paid, started deleting all of the company's data, AMIs and EBS snapshots, eventually leading to the shutdown of the company.

So even though cloud providers claim to be the most secure, the customers using the services are the ones who really need to think through the best practices of cloud security. As a customer, one must be careful about one's responsibility in the cloud.
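The least-privilege principle and the incident above, as an added example that is not part of the original post: a small Python check that flags IAM policy statements granting more than a user needs, including unscoped rights to delete the resource types lost in the Code Spaces incident. The sample policy, the finding labels and the function names are constructed for illustration.

```python
import fnmatch
import json

# Real IAM action names for what was deleted in the incident above.
DESTRUCTIVE = ["ec2:TerminateInstances", "ec2:DeleteVolume",
               "ec2:DeleteSnapshot", "ec2:DeregisterImage"]

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def grants(pattern, action):
    """IAM action matching is case-insensitive and supports * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def audit_policy(policy):
    """Return (Sid, finding) pairs for Allow statements broader than least privilege."""
    findings = []
    for n, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement-{n}")
        actions = as_list(stmt.get("Action"))
        if "NotAction" in stmt:  # allows everything except the listed actions
            findings.append((sid, "allow-with-notaction"))
        if "*" in actions:
            findings.append((sid, "wildcard-action"))
        elif any(a.endswith(":*") for a in actions):
            findings.append((sid, "service-wildcard"))
        # Destructive rights on every resource with no Condition (e.g. MFA) attached.
        unscoped = "*" in as_list(stmt.get("Resource")) and "Condition" not in stmt
        if unscoped and any(grants(a, d) for a in actions for d in DESTRUCTIVE):
            findings.append((sid, "destructive-on-any-resource"))
    return findings

# Constructed sample policy, not taken from any real account.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "Admin", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "Ec2All", "Effect": "Allow", "Action": ["ec2:*"], "Resource": "*"},
    {"Sid": "ReadOnly", "Effect": "Allow", "Action": "ec2:DescribeSnapshots", "Resource": "*"},
    {"Sid": "ScopedDelete", "Effect": "Allow", "Action": "ec2:DeleteSnapshot",
     "Resource": "arn:aws:ec2:eu-west-1::snapshot/*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}
  ]
}""")
```

Running `audit_policy(SAMPLE_POLICY)` flags only the `Admin` and `Ec2All` statements; the read-only statement and the delete right scoped to snapshot ARNs with an MFA condition pass.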

Cost
