Security In The Public Cloud: Finding What Is Right For You

Security concerns in the cloud pop up every now and then, especially after a public breach of some sort. What many businesses still don’t realise is that security in the public cloud is a shared responsibility, split between the cloud provider and the customer. In practice nearly all of these breaches trace back to the customer’s side of that line (misconfiguration, weak access control, missing monitoring), not to a failure of the provider’s platform. Some of these cases are due simply to the customer not having the competence to build a secure service in the public cloud.

Cloud Comes In Many Shapes And Sizes

  • Public cloud platforms like AWS, Azure and GCP
  • Mid-sized cloud providers
  • Local hosting provider offerings
  • SaaS providers of variable capabilities and services: From Office 365 to Dropbox

If the alternatives under consideration are your own data centre, a local hosting provider’s data centre, the public cloud or a SaaS service, it’s worth building a pros and cons table and making the selection from that.

Own data centre
 – Most responsibility
 – Competence varies
 – Variable processes
 – Large costs
 However
 – Most choice in tech

Local hosting provider
 – A lot of responsibility
 – Competence varies
 – Variable processes
 – Large costs
 However
 – Some choice in tech

Public cloud
 – Least responsibility
 – Proven competence & investment
 – Fully automated with APIs
 – Consumption-based
 However
 – Least amount of choice in tech

Lack of competence is typical when a business ventures into the public cloud on their own, without a partner with expertise. Luckily:

  • Nordcloud has the most relevant certifications on all of the major cloud platforms
  • Nordcloud is ISO/IEC 27001 certified to ensure the security of our own services is appropriately addressed
  • Typically Nordcloud builds and operates customer environments to meet customer policies, guidelines and requirements

Security responsibility shifts towards the platform provider the further up the stack you consume: more of it moves to the provider with each step from IaaS to PaaS to SaaS, but whatever you configure on top (identities, permissions, data classification, application code) stays yours. All major public cloud platform providers have proven security practices, audited against frameworks such as:

  • ISO/IEC 27001:2013, 27013, 27017:2015
  • PCI-DSS
  • SOC 1, 2 and 3 reports
  • FIPS 140-2 (validated cryptographic modules)
  • HIPAA
  • NIST

Two caveats a practitioner should keep in mind: some of these (HIPAA, the NIST frameworks) are not certifications but frameworks the provider attests alignment with, and every one of them covers the provider’s side of the shared responsibility line only. Inheriting the provider’s attestation says nothing about how securely you have configured what runs on top of it.

Gain The Full Benefits Of The Public Cloud

The more cloud capacity shifts towards the SaaS end of the offering, the fewer controls the business needs to build on its own. However, most existing applications were not built for the public cloud, so if an application is migrated to the public cloud as it is, the controls it relied on in the data centre need to be migrated too. Here’s another opportunity to build a pros & cons table: applications considered for public cloud migration ‘as is’ vs application modernisation.

‘As is’ migration
 – Less benefit of cloud platform
 – IT-driven
 BUT
 – You start the cloud journey early
 – Larger portfolio migration
 – Time to decommission old infra is fast

Modernise
 – Slower decommissioning
 – Individual modernisations
 BUT
 – You can start your cloud-native journey
 – Use DevOps with improved productivity
 – You have the most benefit from using cloud platforms

Another suggestion would be to draw out a priority table of your applications so that you gain the full benefits of the public cloud.

In any case, the baseline security architecture and cloud platform services need to be created to fulfil the requirements in the company security policies, guidelines and instructions. For example:

  • Appropriate access controls to data
  • Appropriate encryption controls based on policy/guideline statements matching the classification
  • Appropriate baseline security services, such as application level firewalls and intrusion detection and prevention services
  • Security Information and Event Management solution (SIEM)
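One way to make the second bullet (access and encryption controls matching the data classification) checkable rather than aspirational is to express the policy statements as code and evaluate a resource inventory against them. The following is an added example written for this page, not Nordcloud’s code: the classification tiers, the control-to-classification mapping, the resource fields and the sample inventory are all constructed for illustration, and a real implementation would read the inventory from the cloud provider’s APIs rather than from a literal list.

```python
"""Baseline policy check: does each resource carry the controls its data
classification requires?  Added illustration, not code from the original page.
The policy table, resource schema and inventory below are constructed."""
from dataclasses import dataclass

# Classification tiers, least to most sensitive. A higher tier inherits every
# control required by the tiers below it.
CLASSIFICATIONS = ["public", "internal", "confidential", "restricted"]

# Hypothetical policy statements, written as the lowest classification at
# which each control becomes mandatory.
REQUIRED_FROM = {
    "access_logging": "public",          # log access to everything
    "no_public_access": "internal",      # nothing above public may be world-readable
    "tls_only": "internal",              # reject plaintext transport
    "encryption_at_rest": "confidential",
    "customer_managed_key": "restricted",
}


@dataclass
class Resource:
    """Minimal, constructed view of a storage resource as an inventory tool would report it."""
    name: str
    classification: str
    public: bool = False       # world-readable ACL or policy
    encrypted: bool = False    # encryption at rest enabled
    cmk: bool = False          # encrypted with a customer-managed key
    logging: bool = False      # access logging enabled
    tls_only: bool = False     # plaintext transport denied


def required_controls(classification):
    """Set of control names mandatory at the given classification tier."""
    rank = CLASSIFICATIONS.index(classification)
    return {ctl for ctl, floor in REQUIRED_FROM.items()
            if CLASSIFICATIONS.index(floor) <= rank}


def satisfied_controls(r):
    """Set of control names the resource's current configuration satisfies."""
    state = {
        "access_logging": r.logging,
        "no_public_access": not r.public,
        "tls_only": r.tls_only,
        "encryption_at_rest": r.encrypted,
        "customer_managed_key": r.cmk,
    }
    return {ctl for ctl, ok in state.items() if ok}


def evaluate(resources):
    """Return {resource name: sorted missing controls} for every non-compliant resource.

    A resource with an unknown classification is reported as a finding in its own
    right: untagged data cannot be shown to meet any policy statement."""
    findings = {}
    for r in resources:
        if r.classification not in CLASSIFICATIONS:
            findings[r.name] = ["unknown_classification"]
            continue
        missing = required_controls(r.classification) - satisfied_controls(r)
        if missing:
            findings[r.name] = sorted(missing)
    return findings


# Constructed sample inventory: two compliant resources, two that are not,
# and one that was never classified.
SAMPLE_INVENTORY = [
    Resource("marketing-site-assets", "public", public=True, logging=True),
    Resource("hr-records", "confidential", encrypted=True, logging=True, tls_only=True),
    Resource("payroll-export", "restricted", encrypted=True, logging=True, tls_only=True),
    Resource("legacy-backups", "confidential", public=True),
    Resource("untagged-bucket", "unknown", encrypted=True),
]

if __name__ == "__main__":
    for name, missing in evaluate(SAMPLE_INVENTORY).items():
        print(f"{name}: missing {', '.join(missing)}")
```

The point of the ordering in REQUIRED_FROM is that a policy expressed as “restricted data needs X” is only enforceable once the tiers are ranked, so a restricted resource is also held to every confidential and internal control; running the check on each deploy (or on a schedule against the live inventory) is what turns the policy statement into a control.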

The areas listed above should be placed into a roadmap or project with strong ownership to ensure that the platform evolves to meet the demands of applications at various stages in their cloud journey. Once the organisation and governance are in place, the application and cloud platform roadmaps can be aligned for smooth sailing into the cloud where appropriate, and the cloud-native security controls and services are available. Nordcloud’s cloud experts would be able to help you and your business out here.

Find out how Nordcloud helped Unidays become more confident in the security and scalability of their platform.

    Cloud computing news #10: Serverless, next-level cloud tech


    This week we focus on serverless computing which continues to grow and enables agility, speed of innovation and lower cost to organizations.

    Serverless Computing Spurs Business Innovation

    According to Digitalist Magazine, serverless computing is outpacing conventional patterns of emerging technology adoption. Organizations across the globe see technology-driven innovation as essential to compete. Serverless computing promises to enable faster innovation at a lower cost and simplify the creation of responsive business processes.

    But what does “serverless computing” mean and how can companies benefit from it?

    1. Innovate faster and at a lower cost: Serverless is a cloud computing execution model in which the cloud provider acts as the server, dynamically managing the allocation of machine resources. This means that developers are able to focus on coding instead of managing deployment and runtime environments. Also, pricing is based on the actual amount of resources consumed by an application. Thus, with serverless computing, an organization can innovate faster and at a lower cost. Serverless computing eliminates the risk and cost of overprovisioning, as it scales resources dynamically with no up-front capacity planning required.
    2. Enable responsive business processes: Serverless function services – function as a service (FaaS) – can automatically activate and run application logic that carries out simple tasks in response to specific events. If the task triggered by an incoming event involves data management, developers can leverage serverless backends as a service (BaaS) for data caching, persistence, and analytics services via standard APIs. With this event-driven application infrastructure in place, an organization can decide at any moment to execute a new task in response to a given event.

    Organizations also need the flexibility to develop and deploy their innovations where it makes the most sense for their business. Platforms that rely on open standards, deploy on all the major hyperscale public clouds, and offer portability between the hyperscaler IaaS foundations are really the ideal choice for serverless environments.

    Read more in Digitalist Magazine

    Nordcloud tech blog: Developing serverless cloud components

    A cloud component contains both your code and the necessary platform configuration to run it. The concept is similar to Docker containers, but here it is applied to serverless applications. Instead of wrapping an entire server in a container, a cloud component tells the cloud platform what services it depends on.

    A typical cloud component might include a REST API, a database table and the code needed to implement the related business logic. When you deploy the component, the necessary database services and API services are automatically provisioned in the cloud.

    Developers can assemble cloud applications from cloud components. This resembles the way they would compose traditional applications from software modules. The benefit is less repeated work to implement the same features in every project over and over again.

    Check out our tech blog that takes a look at some new technologies for developing cloud components

    Nordcloud Case study: Developing on AWS services using a serverless architecture for Kemppi 

    Nordcloud helped Kemppi build the initial architecture based on AWS IoT Core, API Gateway, Lambda and other AWS services. We also designed and developed the initial Angular.js based user interface for the solution.

    Developing on AWS services using a serverless architecture enabled Kemppi to develop the solution in half the time and cost compared to traditional, infrastructure-based architectures. The serverless expertise of Nordcloud was key to enabling a seamless ramp-up of development capabilities in the Kemppi development teams.

    Read more on our case study here

    Serverless at Nordcloud

    Nordcloud has a long track record with serverless, being among the first companies to adopt services such as AWS Lambda and API Gateway for production projects as early as 2015. Since then, Nordcloud has executed over 20 customer projects using serverless technologies for use cases such as web applications, IoT solutions, data platforms and cloud infrastructure monitoring or automation.

    Nordcloud is an AWS Lambda, API Gateway and DynamoDB partner, a Serverless framework partner, and contributes to the serverless community through open source projects, events and initiatives such as the Serverless Finland meetup.

    How can we help you take your business to the next level with serverless?
