My webinar today on surprises in cloud security migration

On of the things that people felt was controversial about my message was “end-point security is no longer a thing”. I’m saying this from the standpoint of:

  • Instances are short-lived (hours/days, not months/years)
  • Instances are dynamically scaling in and out
  • Cloud native applications (usually) run a single-process per instance/container, no space for another (you could do a sidecar I suppose)
  • Your filesystem (should be) is read-only (all state is stored in persistent-volume, in PaaS DB)
  • You are building (CI), scanning (SAST, DAST, ASAN, TSAN, MSAN, FSAN, …) and checking upstream

Enjoy! Comments welcome.

Posted

in

by

db

Tags:

,

Comments

2 Responses to “My webinar today on surprises in cloud security migration”

  1. Antoine

    I think my question regarding lifetime of IaaS during the webinar was misunderstood. I was not referring to how long an instance would live (hours), I was referring to the IaaS market itself (I want to purchase some compute, throw on Windows Server 2016).

    1. If the software your organisation buys all becomes SaaS, you no longer need servers to run the software (on prem or cloud)
    2. If the software you internally develop is all PaaS, then you no loner need servers to run the software (on prem or cloud)

    with 1 and 2 – I don’t exactly see need for IaaS past 2022 (chosen arbitrarily, you get the point – it naturally goes away)

    FWIW – from IT perspective, I still mostly see them treat their compute as pets but Canada is further behind the US in cloud adoption (data residency …AWS/Azure only recently brought DCs to Canada)

    (As a note: In general I see the term PaaS used for containers, and I see serverless referring to lambda).

    Reply
  2. db

    ah I see.
    On the IaaS… since the orchestration (e.g. Kubernetes) uses it underneath, and there’s a desire to add ‘spot’ capacity pan-cloud, I’m not sure it would go away.
    e.g. if u use GKE, it is just orchestrating virtual machines it starts and puts a fixed image on anyway.

    certainly if you buy only saas then there is nothing for you… all you get is a URL to use an pay for.

    if you buy/develop sw that uses PaaS to much of it, it comes down to the arch of the bits you do develop.

    for sure compute is often still a pet. Terraform is maybe used to initially create, and then the old workflow is used. I think this will start to change.

    Also, licensing model for already purchased sw may prove a disincentive to change since it might mean a re-buy.

    lamba is aws brand-name for serverless, google calls it functions, etc.

    paas is more like a google app-engine or heroku, but is generally any programming platform that provides a service below the top-level app but above compute.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *