The Error Prone Nature of Cloud Environments
- Denisse Soker
- 2 minute read
If we could imagine the cloud journey as a game, it would closely resemble Tetris. You start slow and steady, adopting SaaS for your ERP or CRM system. So far so good: you have a little cube in the corner and plenty of room.
Then you move on to internal applications, but those have to be implemented in IaaS or PaaS environments. Here comes a T-shaped cube. Now a database resides alongside an application within your Azure cloud environment. Another cube. Another application is connected to the same database, but this one resides on premises. Another two L-shaped cubes come in. Now PII access for all of those applications and databases needs to be managed with the same HSM.
Large enterprises that build multi-cloud and hybrid-cloud environments continuously struggle with the scale and complexity of the resulting design and with an ever-growing skills gap. Beyond the management implications, these designs raise the security bar, since risk assessments now have to account for an inherently error-prone architecture.
A short glimpse at the numbers tells the whole story. Breaches caused by cloud misconfigurations in 2018 and 2019 exposed nearly 33.4 billion records in total, and that is bearing in mind that 99% of all misconfigurations in the public cloud go unreported. Moreover, recent reports state that 51% of organizations pointed to “data loss” as the main issue experienced due to cloud misconfigurations.
Data protection is often mistaken for merely enabling encryption of data at rest and an access analyzer, but the reality is much more complex.
While implementing each cloud’s native security technology you should consider the following trade-offs:
- DevSecOps and security teams need to manage numerous technologies
- Each has its own nuanced configuration and multiple connections to yet more applications and platforms
- Not to mention the integration and management of existing, “legacy” security measures such as HSMs or Key Management Systems
- Which in turn, due to a lack of design compatibility, continue to exist in both on-premises and cloud-based deployments
As a typical use case, imagine a hybrid-cloud B2C application that needs to be integrated with an on-premises HSM for key generation but also supports cloud-based applications serving the customer’s end users. Even if you use the native tools of the database vendor (MongoDB in our real-life scenario), the customer will need to implement and manage the MongoDB encryption tools for both on-premises and cloud-based instances, integrate each of them with an HSM (on-premises, cloud-based or both) and make massive code changes in the applications consuming these services. Going back to the Tetris analogy, here the game would definitely be over: your environment would be too complex to manage.
Using Kindite, each of the relevant applications integrates seamlessly (with no code changes) with a unified, cross-platform and cloud-agnostic solution. Kindite supports all popular data sources, such as AWS Redshift, AWS Athena, Apache Hive, Apache Hadoop, Apache Spark, PostgreSQL, MongoDB, Cassandra, MySQL, Oracle Database, SQL Server and more.