Videos, News, Snowflake, Blog

Security: Cloud vs Firewall

Jared Hillam

Jared Hillam

January 31, 2017

Imagine for a moment that you needed to hunt for food. If you’re looking down the scope of your gun and you see a whole bunch of mice scurrying would you consider trying to shoot one? Even if you were successful would it benefit you or be worth your time and effort? Of course not. You’d look for something big that would be worth all of your time and energy.

Now, believe it or not, hackers are a lot like hunters. They’re looking for the big target. They want to spend their time on the largest possible payback. This is where our discussion about cloud security comes into the picture.

Before the advent of cloud computing, all applications and systems were locally managed. Organizations set up firewalls to keep their infrastructures from being hacked. You can almost imagine that each company was like its own kingdom with walls around its inner city. But like any kingdom, they needed the ability to interact with the outside world, so companies would punch a hole in their firewall that would allow them to port data back and forth with partners and vendors. These holes combined with a grand reward for getting input a target on the back of corporate firewalls.

Cloud computing offers a completely different approach. This is because in a serverless cloud computing platform everything that happens is part of an ad hoc service call. For example, if you need to compute some data, a service would conduct that computation, and would only really exist while it is needed, so any service, from data quality to notifications comes alive when they’re needed but disappear when they’re not. This lack of “persistent existence” is the beauty of serverless cloud architecture, and part of the reason that hackers feel like they’re “hunting for mice” when they try to hack a true cloud infrastructure. Not only are the services ad hoc but they’re a moving target. That’s not to say there is no persistent data in the cloud. But even persistent data in the cloud is replicated and highly mobile, so if a hack is detected we can shut that data down and use a replicated copy to support the enterprise with little effort. Additionally, as a practice, we encrypt the data everywhere, including when the data is at rest and when it is in flight. Now, as a side note, don’t confuse service-based cloud computing with just renting a server in the cloud and throwing your on-premise systems on it. That’s no more secure than your existing firewall. AND you’re not saving any money that way. What I’m talking about is true ad hoc serverless cloud computing.

So the question is: Is your organization's data more secure using the Kingdom and Firewall approach? My argument would be that 80% of organizations would be better off having their data in a cloud computing service architecture than behind a corporate firewall. I believe this is purely based on the reality that hackers will gravitate to the path of greatest payoff. If I’m going to exploit or hack a service that will pop in and out of existence, then I’m hunting for mice. Compare that to the whale that is your company or organization, which provides a distinct target, a less sophisticated security structure, a huge payoff, and persistent application systems that stay put.

Because we live under constant risk of being hacked, we need to have strategies that are not just technical, but also have a commonsensical game plan. When dealing with risk, small is beautiful. The bigger your footprint the more attention you will bring. At Intricity we can help you understand better what having a cloud service solution looks like, and how to migrate to it. I recommend you reach out to Intricity and talk with one of our specialists about this topic. You can get started by checking out our cloud solution assessment offering, which I’ve linked to in this video.

Whitepaper: What Makes Data Yours


Related Post

Snowflake Data Breach... Now What?

Snowflake's data breach affected 165 customers through stolen credentials. Discover the security measures that could have prevented it and how to protect your data in the future.

Read More

Using AI for Code & Metadata Conversions on Data Systems

LLM-based code conversions can have challenges and successes. Explore real-world insights and best practices for navigating these projects.

Read More

Snowflake ProTalk: Snowflake Summit 2024 Summary

Explore newly announced features from Snowflake Summit and their impact on customers. Stay ahead with exclusive insights for future ProTalk sessions!

Watch Now