Episode Summary

iland Cloud Technologist Brian Knudtson is joined by guests Chris Williams, Tom Hollingsworth, and Trevor Pott for an entertainingly contested conversation about how customers can improve the security of their data in the cloud. They explore shared security models, nerd knobs, and the question: Can you build a public cloud that’s more secure than on-premises? The gauntlet has been thrown!

Panel

Cloud Conversations

Topic 1

[02:58] Security is top of mind in any data center implementation these days. In your work with customers, are they viewing the cloud as more, less, or equally secure as an on-premises implementation?

Topic 2

[13:13] Are there any notable things cloud providers are doing to improve security for their customers? Are there any particularly precarious security situations that customers should be on the lookout for?

Topic 3

[20:19] iland DRaaS customers have used their DR environment, with the built-in security tools we provide, to find vulnerabilities they weren’t finding on-premises. Are there other novel ways cloud providers are enabling a more secure environment for customers?

Cloud Bites

[01:28] “I will die on the hill that I can build a public cloud more secure than you could do in private.” – Chris Williams

[02:40] “I would argue that no matter how secure your cloud is, you are one stupid user away from a very bad day. Concentrating your security posture on solving the protein robot robot problem is where most of your efforts should go.” – Tom Hollingsworth

[04:06] “The shared security model is a model that the public cloud providers want everyone to pay attention to when we’re talking about security.” – Chris Williams

[05:40] “There’s a laundry list of security issues that you still have, but it’s not nearly as long as the laundry list of security issues that you have to address in a private environment.” – Chris Williams

[09:03] “This really isn’t a question of the public cloud infrastructure is inherently more secure. It’s basically that public cloud infrastructure has teams of people whose job it is to continually secure it and continually develop new secure defaults. They effectively have large operations and security teams that are trying their darnedest to secure the thing for which they are responsible and we all benefit from that expertise and effort.” – Trevor Pott

[12:12] “It is not ‘push button, receive security.’ That has to be something that we get out there and make as a message because it is no more a road to easy IT than on premises security. If we fall into that trap, if we simply allow that public cloud provider to cause us to turn our brains off, then we’ve just reinvented the same problem.” – Trevor Pott

[13:43] “Cloud providers are going to do the minimum necessary to remove liability and keep customers.” – Tom Hollingsworth

[18:15] “In order to adequately secure and backup and so on and so forth, in order to create a professional IT environment that does the things we know we’re supposed to do, those environments, by definition, require us to think about how we use them. And thinking about how we use them is inconvenient.” – Trevor Pott

[19:13] “Making people uncomfortable from a security perspective forces them to consider their choices. It’s almost like the dialogue box that pops up before you completely reformat your system. Are you sure you want to do this? I’m making this very inconvenient for you so you don’t do something you’re not supposed to.” – Tom Hollingsworth

[21:19] “If you know what you’re doing, then you can use the cloud in very secure way and use it to provide very secure services that you simply can’t do in an on premises setup.” – Trevor Pott

[27:51] “I would argue that cloud is about making a choice as to what you are willing to outsource and whom you’re willing to trust with security, data, etc.” -Trevor Pott