Business-Enabling Cybersecurity: 9/29/2023

In the News

Chinese Gov Hackers Caught Hiding in Cisco Router Firmware - SecurityWeek

Johnson Controls Hit by Ransomware - SecurityWeek

National Security Agency is Starting an Artificial Intelligence Security Center - SecurityWeek

Cloud Service Provider (CSP) Considerations

#AWS #AZURE #OCI #GOOGLE - There is no shortage of CSP in today's marketplace, and that is a great thing for everyone; however, it does bring with it a number of questions such as which to choose? which is "better"? which is less money, and so on. It can be quite overwhelming when one is trying to decide to start their cloud journey or even expand their cloud presence to include multi-cloud vendors.

Here are some areas to consider and focus on when decided which to start with or bring into your existing infrastructure.

Requirements

What is the exact reason for your (or your company) decision to migrate to the cloud?

Lay out the primary reason for this decision and it needs to the driving factor under which other reasons exist. This is because the main reason for a #cloud #migration may help you determine which CSP to consider first, as each CSP has their own unique strengths and weaknesses when compared to the others.

It very well may be that one or many of the reasons fall under the advantages of cloud and each CSP has their own list of advantages and reasons for "going cloud".

What do you expect to gain from introducing cloud offerings?

This could be a number of reasons as well and it could be the same or similar to why you are going to the cloud in the first place. But the answer here should be along the lines of specific cloud-derived benefits such as deployment speed, global reach, virtually unlimited storage capacity, or cyclical business seasons.

What are the core or critical functions you need the cloud to do for you?

This question begins to sort out the different cloud providers from one another. Depending on previous reasons answered above, it may be that you have a custom application or product as a core offering. Or perhaps you need a specific capability in order to do so. For example, if your company has already invested in Oracle, moving to OCI is likely an easy decision due to the cost savings in hardware, software licenses, and an easier migration process because the provider in your on-premises is the same as your target cloud. These critical or core functions can also help you determine which provider is more cost effective as some providers have lower service prices than their competitors for the same or nearly the same services. Cost savings could be a leading factor decided above and if that is the case, it will direct you toward the provider with the closest solution with the lowest price.

What is your current cloud expertise capability?

Each of the major cloud providers offer #professionalservices to help their customers with their cloud journey and these services can include everything from consulting, designing, implementation, and so on. If your organization already has a strong technological leaning or experience with a particular provider, it may be that the needing the professional services teams is very low. These teams offer a premium price for their services and an in-house pool of expertise could be a cost-savings. However, if that expertise does not already exist, it may be more cost effective to hire the professional services team to help get you established quickly so your organization can begin to reap the benefits of the cloud, sooner, instead of trying to find and hire the talent and potentially adding delay.

Other Considerations

Here are some other questions to ask when discussing a potential cloud agreement with a CSP:

1. How much control do I have over my data?
2. Do your internal cloud administrator team have access to my systems, data, and services?
3. What encryption do you offer for data in-transit and at-rest? Do we get to select from a list of algorithms? Is encryption always on by default for all/some services or do we have to enable encryption ourselves for each service we utilize?
4. What are your Service Level Agreements (SLA) for your various services such as uptime, availability, reimbursement, etc.
5. How do you ensure separation between tenants and data?
6. What specifically do you secure and what specifically are we responsible to secure? (This may be different from CSP to CSP so it is always prudent to check their published shared responsibility model)
7. Do you offer services that are "dedicated" to each customer? Most major CSPs offer services such as compute that can be placed on dedicated hardware and is not shared with other cloud tenants. There may be other services that offer this as well.
8. Where is your support team located? Are they outsourced or are they direct employees?
9. What backup and recovery functionality do you provide for services?
10. Do you offer a free trial or provide a complimentary amount of cloud credits we can utilize to see if your services fit our needs with a proof of concept or research?