Security In The Public Cloud: Finding What Is Right For You

Security concerns in the cloud pop up every now and then, especially when there has been a public breach of some sort. What many businesses still don’t realise is that security in the public cloud is a shared responsibility between the cloud provider and the customer. Unfortunately, 99% of these breaches are down to the customer, not the cloud provider. Some of these cases are due simply to the customer lacking the competence to build a secure service in the public cloud.

Cloud Comes In Many Shapes And Sizes

  • Public cloud platforms like AWS, Azure and GCP
  • Medium cloud players
  • Local hosting provider offerings
  • SaaS providers of variable capabilities and services: From Office 365 to Dropbox

However, if the alternative is to use your own data centre, the data centre of a local provider, or a SaaS service, it’s worth building a pros and cons table and making a selection after that.

Own data centre
  • Most responsibility
  • Competence varies
  • Variable processes
  • Large costs
  • However: most choice in tech

Local hosting provider
  • A lot of responsibility
  • Competence varies
  • Variable processes
  • Large costs
  • Some choice in tech

Public cloud
  • Least responsibility
  • Proven competence & investment
  • Fully automated with APIs
  • Consumption-based
  • Least amount of choice in tech

Lack of competence is typical when a business ventures into the public cloud on their own, without a partner with expertise. Luckily:

  • Nordcloud has the most relevant certifications on all of the major cloud platforms
  • Nordcloud is ISO/IEC 27001 certified to ensure our own services security is appropriately addressed
  • Typically Nordcloud builds and operates customer environments to meet customer policies, guidelines and requirements

Security responsibilities shift towards the platform provider the more higher-value services (IaaS, PaaS, SaaS) are used. All major public cloud platform providers have proven security practices with many certifications such as:

  • ISO/IEC 27001:2013, 27013, 27017:2015
  • PCI-DSS
  • SOC 1-3
  • FIPS 140-2
  • HIPAA
  • NIST

Gain The Full Benefits Of The Public Cloud

The more cloud capacity shifts towards the SaaS end of the offering, the fewer controls the business needs to build on its own. However, existing applications are not built for the public cloud, so if an application is migrated to the public cloud as it is, similar controls need to be migrated too. Here’s another opportunity to build a pros and cons table: applications considered for public cloud migration ‘as is’ vs app modernisation.

‘As is’ migration
  • Less benefit of cloud platform
  • IT-driven
  BUT
  • You start the cloud journey early
  • Larger portfolio migration
  • Time to decommission old infra is fast

Modernise
  • Slower decommissioning
  • Individual modernisations
  BUT
  • You can start your cloud-native journey
  • Use DevOps with improved productivity
  • You have the most benefit from using cloud platforms

Another suggestion would be to draw out a priority table of your applications so that you gain the full benefits of the public cloud.

In any case, the baseline security, architecture and cloud platform services need to be created to fulfil the requirements in the company’s security policies, guidelines and instructions. For example:

  • Appropriate access controls to data
  • Appropriate encryption controls based on policy/guideline statements matching the classification
  • Appropriate baseline security services, such as application level firewalls and intrusion detection and prevention services
  • Security Information and Event Management solution (SIEM)

The areas listed above should be placed into a roadmap or project with strong ownership to ensure that the platform evolves to meet the demands of applications at various stages in their cloud journey. Once the organisation and governance are in place, the application and cloud platform roadmaps can be aligned for smooth sailing into the cloud where appropriate, and the cloud-native security controls and services are available. Nordcloud’s cloud experts would be able to help you and your business out here.

Find out how Nordcloud helped Unidays become more confident in the security and scalability of their platform.

    How to set up a Cloud Competence Centre

    To be able to talk about the Cloud Competence Centre model, a bit of background is needed. There’s usually a set of typical phases in a company’s Cloud Journey. You might start off with a few teams experimenting with cloud platforms for new application development, and, with the experiences gained from these projects, you can start planning how to move existing workloads to the cloud. As time goes by you realise that you’re running many different types of production workloads in the cloud with dependencies on each other and on-premise environments.

    It’s quite typical at this point to realise that all these environments should be managed with a proper Governance Model. The cloud provides a wide set of tools to abstract away many of the things that required a lot of work in the past. This includes managed databases, managed load balancers, virtual networking etc. At the same time, the Cloud Platform itself has to be managed in some way and certain questions need to be asked. How do we design our AWS Account or Azure Subscription structure? How do we provide and monitor access to these environments? How is networking managed? Should we have a baseline for security components across the environments?

    Managing a cloud platform requires ownership, typically seen in a Cloud Owner and a Cloud Steering Group. It also requires a centralised function to onboard cloud customers, do cloud platform development and maintain best practices for cloud deployments. Setting up a Cloud Competence Centre addresses exactly these needs.

    What does a Cloud Competence Centre do?

    A Cloud Competence Centre is a support function to increase developer productivity and maintain a consistent and secure cloud platform. The two key processes are Cloud Platform Development and Cloud Customer On-boarding.

    Cloud Platform Development consists of setting up a Landing Zone and maintaining it. Requirements for shared services, security components, best practice architectures and template solutions come from development teams, the Cloud Steering Group and the Cloud Competence Centre itself. All of these are implemented and maintained by the Cloud Competence Centre.

    Cloud Customer On-boarding is the process of introducing a development team to the Cloud Platform and making sure they follow best practices for architecture, security, and cost management. The Cloud Competence Centre also sets up any required accounts, networking and access for the team to quickly get started with the actual development.

    What are the typical challenges in setting up a Cloud Competence Centre?

    • There’s limited understanding of public cloud platforms and how to leverage them in the organisation
    • As cloud is a new concept, it’s hard to figure out who owns it in the organisation
    • The new function requires a budget to operate which can be hard to get
    • Some development teams feel they can manage the platform themselves without the support of a Cloud Competence Centre
    • A lot of projects are already running in the cloud without a proper governance model

    How can you mitigate these challenges?

    • Create a Cloud Governance Model early on in the Cloud Journey
    • Make sure all stakeholders understand the importance of managing the cloud platform and supporting development teams
    • Train the people on the benefits and new concepts of public cloud platforms
    • Get support from a skilled partner to set up the Cloud Competence Centre working together with your own team

    The key thing to keep in mind when setting up a Cloud Competence Centre is that it has to provide value to its customers (the development teams). The Cloud Competence Centre has to be very skilled in the selected cloud platform and also be able to communicate and document how to leverage the cloud. When you provide the teams a service that speeds up their work and makes their journey to the cloud easier, there will be less Shadow IT and more consistent, secure and automated environments across all business units.

    If you would like more information on how Nordcloud can help you set up your business’s Cloud Competence Centre, visit our services page, or contact us here.









      Taking the fast-track to become a Cloud Expert

      Can you transform IT professionals into cloud experts in just 6 weeks?

      – Well, I’d say Yes and No, but let me elaborate on that answer a bit. 🙂

      I’m one of the participants in Nordcloud’s first Talent Acceleration program, which kicked off in the beginning of June. Nordcloud helps its customers to utilize the public cloud, but currently there’s a real shortage of cloud professionals, especially of seasoned Cloud Architects. Nordcloud Talent Acceleration is a fast-track program – lasting just 6 weeks – for training cloud experts from seasoned IT professionals to help Nordcloud mitigate talent demand.

      After the training period ends in the middle of August we’ll graduate to become Cloud Engineers, and start working in real customer projects, with the support of more senior staff members in the beginning. Getting real work experience in actual customer projects is a valuable thing, and one you can’t get with just taking cloud courses.

       

      From software developer to cloud expert

      For myself, the program is a return to a more technical role. At the start of my career I worked a couple of years as a software developer and later on partly as a sysadmin, but my last role has been working as a consultant – in theory mostly helping customers with collaboration tools and B2B marketing, but in practice selling my expertise in a very wide range of topics related to digitalisation. I’ve done everything from doing studies and compiling reports to delivering trainings and public speeches but also some technical work as well.

      All of us in the #1 program have several years of work experience in the traditional IT fields; most seem to come from a networking or a sysadmin background, but some also have programming experience. We will be going through several AWS courses (architecting, systems operations and DevOps), which consist of both classroom training and labs, but we’re also working in small teams on a couple of case studies, i.e. architecting, implementing and automating an environment modeled after a real customer case (so-called “Lift & Shift” case).

       

      Digging deeper into cloud platforms

      I’ve been following the developments in the cloud field, but never had a chance to dig deeper into any of the cloud platforms, while working as a consultant on the application layer things. Getting familiar with Amazon Web Services has been very interesting, and I’ve been amazed about the possibilities virtual servers in the public cloud, containers and serverless offer. We have currently learnt both how to build modern server architectures in AWS by ourselves, and also started to learn how to automate infra creation as well. The thought that one can just store a complex server infrastructure in a version control system, and easily deploy that to any other region is mind-boggling – to say the least.

      Nordcloud has also done quite a lot of IoT and AI / Machine Learning projects – which I wasn’t aware of before joining – and offers advisory services as well. As I’m always interested in new technologies and have consulting experience, I might lean into that direction in the future; let’s see.

      So getting back to the original question – yes, I think we will be ready to work as Cloud Engineers after the program, but I’m sure there will still be a lot to learn and working with our experienced Cloud Architects will definitely help us get productive in a fast manner.

      I’ll try to find the time to write another blog post or two about my experience later on, so stay tuned!

      Harri Lakkala, Nordcloud Talent Acceleration Cloud Trainee

       

      BTW. If you are an IT professional working on the “old stuff”, check out the Nordcloud Talent Acceleration website. Nordcloud has at least 2 more infra tracks coming up in August and there’s also a new Cloud Developer track. You are a salaried employee from day 1 (including the training period) and get pretty extensive AWS trainings, so becoming a cloud expert has never been easier!

       

      Harri Lakkala is one of the Nordcloud Talent Acceleration track #1 participants and a seasoned IT/Digitalisation Expert. This blog post has been cross-posted from Harri’s LinkedIn blog.

       
