Cloud vs On-Premises! Debating in the New Norm

As the title suggests, this debate has been running for years. It started when cloud arrived as a newcomer to the market: the price will be high, data will leak, security, compliance, and so on. Now, after Covid, let’s see whether that mentality has changed or remains the same!

Despite the overwhelming momentum of cloud, IT organisations are still paralyzed by the “cloud” vs. “on-premises” debate. Myths about cost, security, and data protection derail cloud initiatives, while other companies gain competitive advantage from cloud’s flexibility. By understanding the true costs and benefits of the cloud, businesses can make an informed decision and prepare for the future.

Cost Effectiveness

Discussions about cloud costs tend to be both extreme and vague. One side touts superscalar users that save mind-boggling sums of money. The other side points to horrifying cloud bills bursting with “hidden fees.” The middle ground is littered with platitudes like “Cloud works well for ‘dynamic applications’” which many take to mean that only applications using Kubernetes, serverless functions, and object-storage could possibly be cost-effective.

Even without re-architecting applications, companies should be able to save money in the cloud with three different initiatives. First, move to SaaS applications for core services. SaaS providers like Druva create highly optimized cloud applications, so they can pass the savings to the customers. Second, shut down smaller data centers and move their workloads to cloud.

Even without tuning the applications for cloud, the operational and capital savings of eliminating data centers outstrip any inefficiencies. The third initiative is to migrate applications that are over-provisioned or running on the wrong type of data center infrastructure. Cloud offers a chance to optimize even static applications with a broader menu of compute and online storage options than most companies can run in their data centers.

The biggest secret to extracting value from the cloud is to create momentum. Don’t waste time debating the 10% of applications that will be difficult to move. Just as some companies never fully virtualized, some will never fully move to the cloud. Fortunately, as you migrate simple workloads to the cloud, you will save money, free up capacity for on-premises applications, and build a “cloud-first” organisation.

Security and Compliance

The question is not whether the cloud is more secure than on-premises, but how businesses can best use the cloud to improve their security. For over a decade, compliance agencies, cyber criminals, and customers have probed cloud providers for vulnerabilities. The relentless scrutiny has driven cloud and SaaS providers to invest in teams and technology to outpace potential threats.

In fact, Gartner wrote “the majority of cloud providers invest significantly in security, realizing that their business would be at risk without doing so.” As a result, cloud now has some of the highest levels of security available, backed by broad federal certifications. Conversely, most individual businesses lack the expertise, time, and staff to keep pace with sophisticated and continuously evolving attacks.

The cloud provider ensures the security of the environment, but the customer is still responsible for their data. Thus, customers should encrypt data in transit and at rest, verify that object stores are not exposed to the outside world, and manage their network policies closely. Cloud teams must also protect against internal threats, especially through network monitoring for unusual user activity and access patterns. Finally, since organisations are creating more accounts within the cloud, security checks need to be automated, so they can scale with the cloud environment.
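The checks in the paragraph above can be run automatically over every account's object stores. The following is an added example, not code from any provider or vendor: the inventory and its field names are constructed and hypothetical, while the policy documents follow the AWS S3 bucket-policy JSON layout.

```python
# Constructed inventory: one record per bucket, as a collection job might
# export it from every cloud account. Field names are hypothetical; account
# IDs and bucket names are placeholders.
INVENTORY = [
    {"account": "111111111111", "bucket": "public-site-assets", "encryption_at_rest": None,
     "policy": {"Statement": [{"Effect": "Allow", "Principal": "*",
                               "Action": "s3:GetObject",
                               "Resource": "arn:aws:s3:::public-site-assets/*"}]}},
    {"account": "222222222222", "bucket": "finance-backups", "encryption_at_rest": "aws:kms",
     "policy": {"Statement": [{"Effect": "Deny", "Principal": "*", "Action": "s3:*",
                               "Resource": "arn:aws:s3:::finance-backups/*",
                               "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}},
    {"account": "222222222222", "bucket": "team-scratch", "encryption_at_rest": "AES256",
     "policy": None},
]

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_public(stmt):
    """Allow statement open to every principal with no Condition attached.
    Simplification: any Condition is treated as restricting access."""
    principal = stmt.get("Principal")
    if isinstance(principal, dict):
        principal = principal.get("AWS")
    everyone = "*" in as_list(principal)
    return stmt.get("Effect") == "Allow" and everyone and not stmt.get("Condition")

def enforces_tls(stmt):
    """Deny statement that rejects any request made without TLS."""
    cond = stmt.get("Condition", {}).get("Bool", {})
    return stmt.get("Effect") == "Deny" and str(cond.get("aws:SecureTransport")).lower() == "false"

def audit(inventory):
    """Return (account, bucket, finding) for exposure and encryption gaps."""
    findings = []
    for b in inventory:
        stmts = as_list((b.get("policy") or {}).get("Statement", []))
        if any(is_public(s) for s in stmts):
            findings.append((b["account"], b["bucket"], "public-access"))
        if not any(enforces_tls(s) for s in stmts):
            findings.append((b["account"], b["bucket"], "no-tls-enforcement"))
        if not b.get("encryption_at_rest"):
            findings.append((b["account"], b["bucket"], "unencrypted-at-rest"))
    return findings
```

Because the audit takes a flat inventory, adding a new cloud account only means adding its records to the export.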

A secure cloud can then improve cyber security for the on-premises environment. When hackers breach a data center, they attack both production and backup environments, so the company has no choice but to pay the ransom. Many IT teams are trying to retrofit air-gapped backups onto their existing solution, which is an error-prone and expensive process. With a SaaS data protection provider, the data is automatically isolated and immutable, so customers can be confident their cloud backups will always be safe and rapidly recoverable.

Protecting Your Data

While customers worry too much about cost and security, they worry too little about protecting their data. While cloud providers protect the IT infrastructure, you are responsible for your data. Furthermore, data in the cloud is subject to the same litigation, compliance, and governance requirements as it was on-premises. It is also just as likely to be deleted or corrupted due to user error, application error, or malicious internal users. Many business teams do not consider the risks to their data when they use cloud, but data protection is more important than ever.

While the core protection requirements in the cloud and on-premises are the same, the users’ expectations are not. Self-service and agility are so important in the cloud that teams will not wait for “backup teams” to configure protection or run restores. Instead, protection must be built into the environment, so that new application data can be automatically backed up.

Then, in the event of an issue, application owners need to be able to run self-service recoveries from their application’s interface. Meanwhile, in the background, the cloud team should centrally manage creating, securing, and retaining the backups. Successful organisations protect both data centers and cloud, but they evolve their legacy technology and processes to meet their cloud teams’ needs.

Business Flexibility

Once a customer has shifted to a “cloud-first” environment, they uncover the true competitive advantage – the sheer speed of scaling resources up and down. While it takes months to procure and install on-premises infrastructure, a team can provision cloud capacity in minutes. More importantly, unlike capital expenditures, cloud capacity can also be released in minutes.

Organisations worry about the risk of investing either too early or too late to take advantage of a resurgent economy. If they invest too late, their competitors bypass them. If they invest too early, they can be forced to make deep cuts. Therefore, most companies move cautiously. With the flexibility of the cloud, however, market leaders are preparing to move aggressively.

Once you get past the myths to the truth about the cost, security, and protection of the cloud, you can see the value of its flexibility. Cloud shifts infrastructure from a cost center to a strategic platform that helps companies embrace opportunities in an uncertain future. Those that thrive in a period of change will be agile, secure and able to scale at speeds that out-compete rivals. Done right, scaling with the cloud can help companies become the new market leaders.

SDP for Zero Trust! Game Changer

Software Defined Perimeter (SDP) is the most effective architecture for adopting a zero trust strategy, an approach that is being heralded as the breakthrough technology for preventing large-scale breaches.

SDP zero trust

“Most of the existing zero trust security measures are applied as authentication and sometimes authorization, based on policy after the termination of Transport Layer Security (TLS) certificates.”

“Network segmentation and the establishment of micro networks, which are so important for multi-cloud deployments, also benefit from adopting a software-defined perimeter zero trust architecture.”

SDP improves security posture


A zero trust implementation using SDP enables organizations to defend against new variations of old attack methods that are constantly surfacing in existing network and infrastructure perimeter-centric networking models.

Implementing SDP improves the security posture of businesses facing the challenge of continuously adapting to expanding attack surfaces that are, in turn, increasingly complex.

Network security implementation issues

The report notes particular issues that have arisen that require a rapid change in the way network security is implemented, including the:

1. Changing perimeter
2. IP address challenge
3. Challenge of implementing integrated controls

Zscaler buys another startup! Edge networks

Zscaler Inc. is doubling down in its drive to dominate the market for “zero trust” security frameworks with its second acquisition in about six weeks.

The cloud security specialist is acquiring Edgewise Networks, a four-year-old Boston area startup focused on securing communications among applications running in cloud and datacenter networks.

The acquisition of Edgewise Networks addresses growing enterprise requirements to detect security threats that can spread rapidly across a network from a single compromised server. The startup’s tools focus on securing so-called “east-west,” or lateral, network traffic by verifying application software and other services.

The result, Zscaler said, is a zero-trust environment in which no one inside or outside a network is trusted by default. The security approach is said to reduce cloud and datacenter attack surfaces, thereby reducing data breaches and application hacks.

The startup’s zero-trust approach discovers individual applications and their legitimate communication patterns. AI and machine learning algorithms are then used to automatically enforce authorized communication to provide a security layer called application segmentation. That approach isolates distinct service tiers from one another within an application to create security boundaries that reduce exposure to attacks originating from other applications.

“Edgewise is highly innovative technology that enables application segmentation without having to do traditional network segmentation which is often done with virtual firewalls.”

The zero-trust security framework is geared to the growing number of enterprise multi-cloud deployments that increasingly use microservices to deliver distributed applications. The many moving parts create more opportunities for security breaches via compromised servers and applications.

The Edgewise framework uses a technique called software identity verification to secure network traffic carried across public and hybrid clouds, datacenters and application containers.

Cloud services are the main targets during this pandemic

Attackers are increasingly hitting collaboration services such as Microsoft 365 to access cloud accounts with stolen credentials, says McAfee.

The move to remote working spurred by the pandemic has triggered a surge in the use of cloud services. Such virtual meeting and collaboration platforms as O365, Teams, Zoom, Cisco’s Webex, and Google Hangouts have all seen increased demand. But that trend has also made these services and their users more of an open target for cybercriminals looking to capture or exploit account credentials. The “cloud adoption risk report” released Wednesday by McAfee shows how attackers are taking advantage of cloud services and what organizations can do to better protect themselves.

Based on cloud-usage data from 30 million McAfee MVISION cloud users between January and April 2020, the security provider found a 50% increase overall in the use of cloud services. Some of the largest gains have been seen with Webex, Zoom, Microsoft Teams, and Slack across such industries as manufacturing, education, real estate and construction, government, and financial services.

A rise in cloud access has also been observed from unmanaged devices, typically personal devices owned by the user and not approved or managed by IT.

The volume of cyberthreats against cloud services has shot up by 630% since the start of the year, with the greatest focus on collaboration tools such as Microsoft 365. Many of the attacks are likely opportunistic, meaning they’re using stolen account credentials for password spraying campaigns. These threats fall into two categories, as named by McAfee:

1. Excessive logins from anomalous locations

2. Suspicious superhuman
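
Detection logic for these patterns, as an added example that is not from the McAfee report: it assumes “suspicious superhuman” means consecutive logins from places too far apart to travel between in the elapsed time, and it also flags password-spraying sources. The sign-in events, the 900 km/h threshold and the three-account threshold are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sign-in events (documentation IP ranges, approximate coordinates):
# (ISO time, user, source IP, latitude, longitude, success)
EVENTS = [
    ("2020-04-01T08:00:00", "alice", "198.51.100.7", 42.36, -71.06, True),   # Boston
    ("2020-04-01T08:40:00", "alice", "203.0.113.9", 13.75, 100.50, True),    # Bangkok
    ("2020-04-01T09:00:00", "bob", "198.51.100.8", 51.51, -0.13, True),      # London
    ("2020-04-01T13:00:00", "bob", "198.51.100.9", 48.86, 2.35, True),       # Paris
    ("2020-04-01T10:00:00", "carol", "203.0.113.50", 13.75, 100.50, False),
    ("2020-04-01T10:00:05", "dave", "203.0.113.50", 13.75, 100.50, False),
    ("2020-04-01T10:00:09", "erin", "203.0.113.50", 13.75, 100.50, False),
]

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def superhuman_logins(events, max_kmh=900):
    """Successful logins that imply travel faster than max_kmh since the last one."""
    last, flagged = {}, []
    for ts, user, _ip, lat, lon, ok in sorted(events):
        if not ok:
            continue
        t = datetime.fromisoformat(ts)
        if user in last:
            t0, lat0, lon0 = last[user]
            # Floor the interval at one second to avoid dividing by zero.
            hours = max((t - t0).total_seconds() / 3600, 1 / 3600)
            speed = km_between(lat0, lon0, lat, lon) / hours
            if speed > max_kmh:
                flagged.append((user, ts, round(speed)))
        last[user] = (t, lat, lon)
    return flagged

def spraying_sources(events, min_users=3):
    """Source IPs with failed logins against at least min_users distinct accounts."""
    targets = defaultdict(set)
    for _ts, user, ip, _lat, _lon, ok in events:
        if not ok:
            targets[ip].add(user)
    return sorted(ip for ip, users in targets.items() if len(users) >= min_users)
```

IP geolocation is approximate and VPN exits move users across the map, so the speed threshold is best tuned against known-good traffic before alerting on it.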

Among targeted industries, transportation and logistics were hit by the largest increase in cyberthreats, followed by education, government, manufacturing, financial services, and then energy and utilities. Based on IP address, the top countries from which the attacks stem include Thailand, the US, China, India, Brazil, Russia, Laos, Mexico, New Caledonia, and Vietnam. The top ten are all outside of Europe, which as McAfee points out, is home to some of the tightest data protection laws in the world.

“The risk of threat actors targeting the cloud far outweighs the risk brought on by changes in employee behavior,” Rajiv Gupta, senior vice president of Cloud Security for McAfee, said in a press release. “Mitigating this risk requires cloud-native security solutions that can detect and prevent external attacks and data loss from the cloud and from the use of unmanaged devices. Cloud-native security has to be deployed and managed remotely and can’t add any friction to employees whose work from home is essential to the health of their organization.”

To help organizations rethink and tighten their cloud security, McAfee offers the following suggestions:

  1. Think cloud-first.
  2. Consider your network.
  3. Consolidate and reduce complexity.
  4. Implement a cloud-based secure web gateway.
  5. Allow employees to connect to sanctioned cloud services.
  6. Set the policy in your CASB.
  7. Let employees use their personal devices.