
There Is No Configuration That Stays Constant in the Cloud [Video]


The beauty of the cloud is that it's always changing. See what challenges this can pose to keeping your data both organized and safe.


“If you don’t have a metric on something, how do you know what normal looks like?” asked Aaron McKeown, lead security architect and cloud security product owner for Xero in our conversation at the 2016 Black Hat conference in Las Vegas.

McKeown was quoting a well-known adage in the security industry pertaining to getting visibility in the cloud. You have to monitor everything in order to know what you have — and to know when you’re out of a normal sphere.

Falling out of normal happens a lot, said McKeown, because of configuration drift. Unlike your on-premise datacenter, the cloud is always changing. It’s impossible to keep settings static. Nor should you even try. At Xero alone, they have 45 AWS accounts, thousands of servers in the cloud, and hundreds of developers. Things change all the time, even minute by minute. Tracking the configuration of your environment, especially the drift, is very important.

“There’s a new normal in the public cloud,” said McKeown. “It’s not the same as the way things used to be.”

Everything can completely change in a week because AWS could release a new product into the market, and Xero’s developers have the option to use that new product the day it’s released. That being the case, said McKeown, “We need to communicate inside our organization to ensure that security is in the DNA of everyone that’s doing work on our platforms, and then we need to start having our different technologies, like CloudPassage and the other solutions that we have, talking to each other so that we can start aggregating that information up to a single pane of glass.”

More Than Just Shared Security. Extended Security.

When the discussion of “shared security” comes up, most think only about the relationship between the company and the cloud provider. But as McKeown points out, the concern and responsibility for security extend to their partners and the development team.

The group that really needs to understand that shared security responsibility relationship is the developers, said McKeown. “They must understand what is their responsibility, and what are those other partners and those vendors like Amazon going to do for them in terms of protecting the assets.”


Published at DZone with permission of David Spark. See the original article here.
