Almost everyone uses hyperscale public cloud, whether they’re aware of it or not. The underlying technologies enabling consumption and interaction with web applications are powered by a number of multibillion dollar giants like Amazon, Google, IBM, and Microsoft that together have created a cloud horsepower and technology arms race.
As a result, a commodity market has emerged that includes consumption-based pricing, geolocation, rapid provisioning, extensive developer tools and resources, rapid storage, and more. The last 10 years have seen the emergence of some exciting high-demand workloads ─ machine learning, artificial intelligence, massive multiplayer online games, big data, mobile applications, and the internet of things, all of which have been fueled by hyperscale public cloud.
Highly Scalable. Capable of handling large data volumes. Distributed. Fast. Cost effective. These are some of the benefits hyperscale platforms deliver. Most people get it – public cloud services provide an immediate advantage in terms of flexibility and ease of use. Unfortunately, what is often overlooked are the security risks that have entered the picture in an increasingly hyperscale world.
The Enemy Within
Tremendous advantages aside, if you’re a business leader, you need to be aware of how hyperscale public cloud solutions can harbor hidden dangers if not properly architected, configured, and managed.
A few very recent examples:
• BroadSoft, a global communications software and service provider had a massive unintentional data exposure. Cloud-based repositories built on the AWS S3 platform were misconfigured, allowing public access to sensitive data belonging to millions of subscribers.
• In another case, improper configuration of AWS S3 storage and insufficient security solutions exposed records of 14 million Verizon customers.
• TigerSwan, a private military contractor left “Top Secret” data similarly unprotected on an AWS S3 storage bucket.
The Real Problem
The problem is not with the hyperscale public cloud itself. These breaches show how human error and limited security are the weak links in the information security chain. A single misstep, lapse in process, or misconfiguration can result in a massive exposure of data to the entire world. Organizations that use hyperscale computing can remain at risk from these and other kinds of security incidents because they often utilize bolt-on security solutions, manual security auditing, manual incident remediation, and other legacy practices and tools that threaten overall security posture.
You CAN Hyperscale – Safely
As the cloud story continues to evolve, we will witness more stories about security breaches. But it’s not a story that has to happen to your business or organization.
Today’s issues can be addressed by implementing security best practices and technologies that protect modern data, system configurations, and applications. Constructs such as infrastructure automation, cloud-aware security policies and technologies, and coded system policies are examples of next-level security that minimizes risk, particularly in the cloud. It’s not a simple path (especially without a high level of security expertise), but the rewards are most certainly worth the effort.
Organizations of all sizes have simplified and improved their security posture by working with a trusted managed service provider such as Hostway to help architect, configure, and manage a comprehensive cloud security solution designed specifically for their unique requirements. Hostway has both the expertise and broad portfolio of managed security services to help ensure that your cloud solution is properly configured to meet your objectives while protecting your business and customer data.