Thycotic’s Cyber Security Publication

Up, up and to the Clouds: Cloud Computing 101

Written by Joseph Carson

January 22nd, 2019

The cloud has always been this mysterious place—many companies embraced it and put everything they could into the cloud, while others watched cautiously from a distance, wondering whether they should do the same.

Before taking you on the journey to the cloud, let’s answer the question “What is the cloud, exactly?” Clearly, it’s been a source of confusion. In fact, many still point up when they use the term “The Cloud”, as if it were some kind of magical place in the sky.

The cloud is simply someone else’s servers, in another location, and you get to use those servers whenever you need to. Think of it like electricity: you don’t need to own a power station or the infrastructure to get electricity. You just need to be connected to the network so that when you flip the switch the lights come on, and you get charged for consumption. That is the cloud in its simplest terms. So, the cloud is an on-demand, shared network of connected computer resources.

To be clear, from this point onward when I refer to the cloud I am referring to actual servers and services running in a data center.

A Cloud-First Approach

Many organizations have adopted a cloud-first approach. This means they must first consider cloud deployment options unless the services do not exist, it is not technically possible yet, or legal issues prevent a cloud option. In today’s modern era of cloud computing some companies are ALL cloud, meaning they completely consume and deliver all their business services from the cloud, and they don’t own any physical servers or locations to place them.

Data Classification and Access Audits (What data is important, and who has access?)

Before you move your business data to the cloud you must know which data is regulated and be familiar with the boundaries that restrict where the data can be located. This may determine which type of cloud can be chosen, as well as geographic locations.

It is important to perform a complete Data Impact Assessment and ensure that access to sensitive data has full access audits.  I recommend performing a data classification after an impact assessment to determine which data is more sensitive and identify what type of data it is. In the past I have used a process similar to Data Center Classification that determines the data in relation to its importance, and aligned with the CIA Triad, to figure out what is important to the data—is it availability, integrity or confidentiality?  Once you have classified the data you must align it to security and access controls to ensure adequate security is applied and the risk is reduced.

A data assessment and classification will help an organization determine what type of data might be impacted by compliance and regulation, and whether that data is permitted to be stored outside of the country’s borders.

The cloud has significant benefits for organizations, which makes it very compelling and a must for consideration when embracing new services.

The Benefits of Cloud for Business are plentiful:

Dynamic and Agile

Organizations that adopt a cloud-first approach naturally get to be very dynamic and agile: when they need new servers, those resources can be obtained in minutes with any operating system or application requirements. This means that businesses that are growing quickly, or have fluctuations in requirements, can increase or decrease the computer resources they need on demand.

The Cloud gives organizations the greatest flexibility and quickest time to value

Capital Expenditure versus Operational Expenditure

Another huge benefit of the cloud is that it typically comes with a different cost structure. This is because you are renting the computer resources and not owning them, so you do not inherit depreciation costs, maintenance costs, upgrades and even sometimes expensive decommissioning costs.

Going with cloud enables an organization to pay-as-you-go and reduce wasted time, resources and huge upfront investments

Disaster Recovery

For any business-critical systems, organizations must double-up on everything from servers and software to backups, connectivity, databases etc. This means any new business-critical service can be double the cost too.  Cloud services will have disaster recovery built in, so you do not have to worry about backups and maintaining them.

Software Updates

With cloud, businesses get automatic software updates when available. One big challenge, and a pain for businesses, is performing major software updates that could result in downtime, failures and hefty resource costs. A cloud approach enables your organization to focus on using the software rather than keeping it updated and running.

Best in Class Security

Cyber security has been a serious threat in recent years for governments and businesses all around the world.  Strengthening cyber security and reducing risks has been a priority. However, many businesses continue to struggle, patching systems, applying security best practices and trying hard to prevent sensitive data from being stolen in a cyber-attack.  IT resources are struggling to stay up to date on all these threats and have become overwhelmed. After all, it’s impossible to be a cyber security expert in everything. But in recent years organizations have become more confident about consuming cyber security solutions from the cloud as they can then focus on the business priorities and not have to become experts in everything.

Immediate Service and Value

With cloud you can get immediate service and value without waiting for internal IT to make system resources available, or pending additional license purchases such as operating systems or databases, etc.  With cloud you can simply get the service without any other dependencies.

Major Skills Shortages

Probably the biggest challenge today is that many businesses are facing a major skills shortage, especially in remote areas or large cities where they are competing for experts who tend to rotate frequently. With cloud solutions the business does not need to find operating system experts, database experts and system backup experts. So, you can focus on the resources and skills needed to support the business while the cloud service takes care of having the skills and expertise. You simply consume the service, needing only to learn how to use it rather than installing and maintaining the solution.

You no longer need to have an expert for everything

It is ALL about the Data and the Law

What prevents some countries or companies from adopting the cloud is a legal obligation standing in the way, as mentioned above regarding the data assessment. Some countries have laws that relate to placing citizens’ data outside of the country’s borders. For these governments and companies, this means that when cloud services are not available within the borders of the country or region, they are unable to store the citizens’ data in the cloud. A lot of cloud providers have reduced this issue by making data centers available in each region, such as North America, Europe, Australia and other locations, thereby providing a dedicated location where the cloud services run and enabling the entity to stay compliant with the laws where applicable.

More organizations are moving to the cloud for security solutions so they can focus more time and resources on the business

Beginning to wonder if there are any negatives to cloud computing? A digital transformation is happening, and forward-thinking organizations interested in reducing costs and increasing process efficiency are turning to the cloud. What’s stopping you from taking a cloud-first approach? Let me know in the comments.


Joseph Carson

Joseph Carson has over 25 years' experience in enterprise security, is the author of "Privileged Account Management for Dummies" and "Cybersecurity for Dummies", and is a cyber security professional and ethical hacker. Joseph is a cyber security advisor to several governments, critical infrastructure, financial and transportation industries, speaking at conferences globally. Joseph serves as the Chief Security Scientist at Thycotic.