1 September 2021

The cloud: blessing or curse? It’s a matter of perspective


Cloud security // Short go-to-market cycles, start-up and shutdown at the click of a mouse, scaling in all directions and pay as you go: the list of advantages of using the cloud is compelling, isn’t it?

The majority of the benefits come from the use of containers as a deployment format and the associated orchestration and administration tools – such as Kubernetes, OpenShift or Google Anthos. The location where the cloud technology is provided essentially differentiates the two approaches of the “private cloud” and “public cloud”: While the private cloud is operated in an in-house computing center or as dedicated third-party infrastructure, the “public cloud” shares resources between multiple customers. The use of cloud technology implicitly adds another dimension to IT architecture. When public and private clouds are used together, this is referred to as a hybrid cloud. When the services are sourced from more than one provider of the same type (private or public), the result is known as a “multi-cloud” setup. The already demanding discipline of security is made even more complex by the added dimension of the cloud: In many cases, hybrid and multi-cloud architectures are also required to intersect with historically developed on-premises infrastructure.

When are out-of-the-box cloud security tools worth using?
Public cloud providers in particular tend to offer native security solutions. These are typically easy to configure and are included in the service at little extra cost or even free of charge. On the other hand, they have one major disadvantage: Out-of-the-box tools are proprietary in nature, meaning they only function with and in the cloud of the respective provider. The out-of-the-box security tools of the various providers are fundamentally different in terms of their functional scope, operation and interoperability.
This means that companies need a consistent “one cloud only” strategy to even have a chance at covering all their security and governance needs with purely out-of-the-box tools. As soon as more than one provider is represented in the architecture, the situation becomes more challenging. It becomes virtually impossible to manage using solely out-of-the-box tools. The standardization, comparison and assurance of rules and specifications, while taking into account any changes and modifications over time, is simply impossible to achieve.

A uniform security layer is the golden thread in IT architecture
Independent security solutions, which can be deployed on private and public clouds of the customer’s choice, are the obvious alternative to out-of-the-box tools from cloud providers. These independent solutions stand out as advantageous for their central management. Management, meaning the administration and operation of services and solutions, is becoming an ever stronger focal point as complexity increases. This applies both to the management of entire cloud platforms, and to the dedicated management of a uniform security layer. With central management, access rules and security policies are defined at a single point and rolled out from there to as many nodes as the customer chooses. This not only allows private and public clouds to be combined with the on-premises world; more importantly, it serves as a foundation for the flexible movement of applications between the different worlds. Sometimes, a uniform security layer can even enable the successive migration of the IT system landscape – previously located entirely in the on-premises world – to the cloud.

Recognize – start – win
The roadmap for transitioning to the cloud is both clear and effective. The complexity created by the additional dimension of the cloud is a reality – it is, as it were, the other side of the coin. “Self-awareness is the first step to self-improvement” is a fitting saying here. This complexity must be recognized and accepted in order to be on a level footing, so to speak. Once recognized, it can be reduced bit by bit with the help of abstraction and automation. In a security context, this is achieved as described with a uniform security layer. Operating numerous private and public clouds is made simple by cloud management platforms. These measures lead directly to success – success in the face of growing complexity. This will allow the full potential of cloud technology to unfold. Only when most of the complexity has been cleared out of the way for the engineering and operations teams are they freed up to focus on their actual work. The use of cutting-edge technologies not only allows companies in all sectors to optimally support their core business, it is also increasingly becoming a game changer that enables the creation of new business fields and strategies.

Christoph Schulthess

Christoph Schulthess has technical expertise and many years of experience in IT security. At United Security Providers, he leads a team of experts that is responsible for application security and the utilization of the USP Secure Entry Server®.