
The Myth of Cloud Agnosticism


My Notes

Here are my notes taken from the SANS webcast.

  • The top 6 CSPs are: AWS, Azure, Google Cloud, Alibaba Cloud, Oracle Cloud, IBM Cloud.
  • Terraform lets you define cloud infrastructure as code and supports all six of these CSPs.
  • It is practically impossible to consistently apply security controls across CSPs using any single tool, including Terraform.

Organizations look to so-called “cloud-agnostic” technologies to manage this complexity.

  • Cloud infrastructure consists of highly specific services and platforms, and these platforms are not interoperable.

    • Each CSP uses a different API call scheme to create infrastructure.
    • Fundamental security concepts differ across CSPs.
    • Users must understand both the conceptual differences between clouds and the syntactic differences between the Terraform providers.
  • Cloud IAM control is the most important subject across all CSPs.

    • Limit access to managed services.
    • IAM is more useful than network controls in the cloud.
    • AWS IAM logic flow vs. Azure RBAC evaluation logic vs. Google Cloud policy evaluation.
  • A CSP may break integration (on purpose) to keep its position as market leader.

  • Other than IaC, application integration is another barrier to cloud agnosticism.

    • Native cloud services are more secure than those written in-house.
    • You either have to rewrite the apps for interoperability, or avoid relying on native cloud services such as S3, DynamoDB and IAM.
  • The webcast was held on May 10, which is Happy SEC510 day!

  • Possible solutions and recommendations:

    • dapr.io (a Cloud Native Computing Foundation project)
    • Use multi-region instead of multi-CSP for redundancy and simplicity.
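
To make the IAM point above concrete, here is an added example (my own, not from the webcast or the SANS material) of one and the same control, read-only access to a single storage bucket for one principal, written against the AWS, Azure and Google Cloud Terraform providers. The bucket, role and principal inputs are assumptions passed in as variables.

```hcl
# Constructed example: grant one principal read-only access to one bucket on
# each of three clouds. The intent is identical; the resource types, policy
# models and vocabulary are not, which is the webcast's point about IAM.
# All variable values are assumptions supplied by the caller.
variable "aws_bucket_arn" {}
variable "aws_role_name" {}
variable "azure_storage_account_id" {}
variable "azure_principal_object_id" {}
variable "gcp_bucket_name" {}
variable "gcp_service_account_email" {}

# AWS: a JSON policy document (actions on resource ARNs) attached to a role.
# Evaluation: explicit deny beats explicit allow beats the implicit deny.
data "aws_iam_policy_document" "read_logs" {
  statement {
    effect    = "Allow"
    actions   = ["s3:GetObject", "s3:ListBucket"]
    resources = [var.aws_bucket_arn, "${var.aws_bucket_arn}/*"]
  }
}

resource "aws_iam_role_policy" "read_logs" {
  name   = "read-logs"
  role   = var.aws_role_name
  policy = data.aws_iam_policy_document.read_logs.json
}

# Azure: a built-in role definition assigned to a principal at a scope (the
# storage account). Assignments are additive; a plain role assignment has no
# deny statement, so least privilege means choosing a narrow role and scope.
resource "azurerm_role_assignment" "read_logs" {
  scope                = var.azure_storage_account_id
  role_definition_name = "Storage Blob Data Reader"
  principal_id         = var.azure_principal_object_id
}

# Google Cloud: a binding of a predefined role to a member on the bucket.
# Bindings are additive and inherited from project and folder level, so a
# bucket-level binding cannot undo a broader grant made higher up.
resource "google_storage_bucket_iam_member" "read_logs" {
  bucket = var.gcp_bucket_name
  role   = "roles/storage.objectViewer"
  member = "serviceAccount:${var.gcp_service_account_email}"
}
```

Three providers, three policy models and three sets of names for "can read this bucket": a reviewer checking least privilege has to know each cloud's evaluation rules, and no single Terraform module hides that from them.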

Creating a single core application that works across multiple clouds is nearly impossible and unnecessary. (by chance)

  • Multi-cloud solutions:
    • Terraform
    • Pulumi
    • Cloudify - an open source cloud and network functions virtualization (NFV) orchestration platform. Acting as a kind of middleware, it gives users a simple way to deploy applications or services in a cloud computing environment.
  • Vendor specific:

Links
