Security: Cloud vs Firewall

Imagine for a moment that you needed to hunt for food. If you’re looking down the scope of your gun and you see a whole bunch of mice scurrying would you consider trying to shoot one? Even if you were successful would it benefit you or be worth your time and effort? Of course not. You’d look for something big that would be worth all of your time and energy.

Now believe it or not, hackers are a lot like hunters. They’re looking for the big target. They want to spend their time on the largest possible payback. This is where our discussion about cloud security comes into the picture.

Before the advent of cloud computing, all applications and systems were locally managed. Organizations set up firewalls to keep their infrastructures from being hacked. You can almost imagine that each company was like its own kingdom with walls around their inner city. But like any kingdom, they needed the ability to interact with the outside world, so companies would punch a hole in their firewall that would allow them to port data back and forth with partners and vendors. These holes combined with a grand reward for getting in put a target on the back of corporate firewalls.

Cloud computing offers a completely different approach. This is because in a serverless cloud computing platform everything that happens is part of an ad hoc service call. For example, if you need to compute some data, a service would conduct that computation, and would only really exist while it is needed, so any service, from data quality to notifications come alive when they’re needed but disappear when they’re not. This lack of “persistent existence” is the beauty of serverless cloud architecture, and part of the reason that hackers feel like they’re “hunting for mice” when they try to hack a true cloud infrastructure. Not only are the services ad hoc but they’re a moving target. That’s not to say there is no persistent data in the cloud. But even persistent data in the cloud is replicated and highly mobile, so if a hack is detected we can shut that data down and use a replicated copy to support the enterprise with little effort. Additionally, as a practice we encrypt the data everywhere, including when the data is at rest and when it is in flight. Now, as a side note, don’t confuse service based cloud computing with just renting a server in the cloud and throwing your on-premise systems on it. That’s no more secure that your existing firewall. AND you’re not saving any money that way. What I’m talking about true ad hoc serverless cloud computing.

So the question is: Is your organization's data more secure using the Kingdom and Firewall approach? My argument would be that 80% of organizations would be better off having their data in a cloud computing service architecture than behind a corporate firewall. I believe this purely based on the reality that hackers will gravitate to the path of greatest payoff. If I’m going to exploit or hack a service that will pop in and out of existence, then I’m hunting for mice. Compare that to the whale that is your company or organization, which provides a distinct target, a less sophisticated security structure, a huge payoff, and persistent application systems that stay put.

Because we live under a constant risk of being hacked, we need to have strategies that are not just technical, but also have a commonsensical game plan. When dealing with risk, small is beautiful. The bigger your footprint the more attention you will bring. At Intricity we can help you understand better what having a cloud service solution looks like, and how to migrate to it. I recommend you reach out to Intricity and talk with one of our specialist about this topic. You can get started by checking out our cloud solution assessment offering, which I’ve linked to in this video.


Related Pages: