Related Posts
McKinsey & Company Bain & Company Hi
I am currently looking for a job switch. I have worked for more than a year as a Data Analyst at a start-up. If anyone can help me out with a refferal it will be great.
McKinsey & Company Microsoft Boston Consulting Group Bain & Company Deloitte Deloitte USI
Additional Posts in Technology/IT Consultants
I am a Principal Solutions Architect with 13 YOE of which 5 years exp is with Biotech focusing on Public Cloud (AWS) & overall AWS exp. 9 years. I need suggestions /opinions if applying for a Senior Solutions Architect (Level6) at AWS makes sense or if I should aim for a Principal SA (level 7) role at AWS with Healthcare & Lifesciences industry experience. If it makes any difference, I worked for AWS ProServe as an external SA in the past. Any insights / feedback appreciated.
Amazon Web Services
New to Fishbowl?
unlock all discussions on Fishbowl.
That’s actually not exactly true, especially since public computing has advanced so drastically. Traditionally, anything you can control 100% has been considered “more secure.” Ironically though, many would argue that’s why it ISNT more secure...more room for error, less expertise, resources, etc.
The infrastructure may be more secure and the size/expertise of the cloud team more extensive, but it still comes down to the person/team rolling out the virtual systems/apps. No matter which model is your preference, you still need competent people at the controls.
This is the correct answer.
I would actually argue the opposite. The big cloud providers have armies of people and spend millions on securing their clouds. No way a private client could match that level of investment.
Due to unfamiliarity with the security models in place. This ultimately is a reflection of NIH syndrome and “if I can’t touch it, I don’t trust it” mentality.
All the capabilities and services to really secure your workloads are available in the public cloud but the problem is most companies / clients are too lazy to understand and apply them. Thus they end up in misconfiguration... leaving their infra or workloads exposed.
I specialize in Cloud Security at a large security vendor now. I can confirm what others have said. The cloud is not less secure, people just don’t know what they’re doing. There are different vectors to secure that people aren’t familiar with. A majority of breaches aren’t necessarily breaches but misconfigurations. Microsoft even had some of their own Azure infrastructure misconfigured recently. What I’m seeing is that people just aren’t trained well enough to build and operate in the cloud but there are tons of initiatives from top down to migrate to the cloud. I talk to CISO’s regularly and most are so lost when it comes to the cloud that it’s scary. Advice to everyone: drop what you’re doing and bust you’re ass learning the ins and outs of the cloud. It’ll pay off big time.
Thanks C1
It's the perception that "I have control of my network, but not the public cloud." One quick search of on premise data breaches easily disproves this perception
Ahh gotcha. Thought there was a technical reason that explained why this myth exists. Couldn’t it be that on prem resources could be paired with a private network? I know public services can create a software defined network.. but inevitably software can fail, correct?
“Private” networks are still software-defined. On-prem is usually an excuse to be lazy with security and stick to legacy familiar processes.
Also, I appreciate everyone’s responses.
The perception that the cloud is something floating around for anyone to grab vs on a machine I control. #stupid