Why are cloud environments more secure than on-prem environments?

Full disclosure: I’ve been cloud 1st since 2013, but the first 10 years of my technical career were 100% on-prem and I have the scar tissue and wild ass stories to prove it.

I am very thankful that I do not find myself in many on-prem vs cloud debates anymore, where some internal admin goes out to lunch with some hardware vendor too much (I’m looking at you Nutanix) and is convinced they can save the world by convincing everyone to move all workloads back to a datacenter/colo because they are only looking at hard opex cost. I have mountains of disrespect for every vendor that preys on those ignorant minds because I’ve seen it too many times at this point.

For me, these are reasons why “the cloud” is more secure than traditional on-prem infrastructure:

By definition, it’s always modern and is constantly updated. Infrastructure debt is a real thing, and if your infrastructure only gets updated when some integrator sells you on the next round of hardware upgrades that happens to include new software, that’s a 36-60 month window that generates a level of cyber risk that you cannot fully quantify.

On-prem infrastructure is typically Active Directory dependent, and that’s the worst possible IAM in 2023 because it lets everyone (with a clear shot at it) auth and escalate.

On-prem environments normally share network & IAM environments for server workloads & user workstations. Humans are the weakest link, and Sally in accounting clicking a fun link normally gets everything rocking Salsa encryption faster than you would imagine. (We’re not dealing with 90-day average dwell times in 2023.)

Most on-prem environments are full of clickops technical debt. Most cloud environments can be completely managed as code.

On-prem environments tend to trust firewall vendors and the security promises they make, so the customer networks become “crunchy”. The technical teams are led to believe that “we don’t need to worry about security because the firewalls will stop everything evil.”

Breaking news: Firewalls with humans that like to click links behind them rarely prevent/detect malicious activities. That combination of perimeter security methodology and technical debt is what fuels the entire Ransomware as a Service market that is still growing today.

Is the cloud just “somebody else’s computer”?

Essentially, it is, and you will always have more control managing your own resources beginning to end. Keep in mind that humans are the weakness that keeps on giving opportunities for financially motivated threat actors to monetize.

The pragmatic side of that argument sounds like this: Manage the things that you have the budget to staff appropriately.

Chances are: You will never see an on-prem personnel budget ever again, so you need to make logical decisions for FY23/24 & beyond.

Software architecture is cyclic, and it's cycling back to monoliths.

Decades ago, monoliths were all the rage. You set up a server and ran an app, and that was it. Then apps started outgrowing servers, and people started thinking about distributed computing. In comes Service Oriented Architecture (SOA). Then microservices became a thing, and everyone thought that was the pinnacle of architecture. Then everyone realized microservices are actually hard (surprise!). Then serverless brought back microservices (as if you couldn't do regular services with serverless). Then everyone realized microservices are actually hard (again!). Then Prime Video moved their monitoring from microservices to a monolith, and everyone thought monoliths were the real answer. Then they remembered Netflix still runs microservices. Next, everyone will want to run distributed monoliths (which are actually microservices).