Assessing the risk in public cloud – Darron Gibbard – Ep72

As the desire to integrate public cloud into our organisations IT continues to grow, the need to ensure we maintain control and security of our key assets is a challenge but one that we need to overcome if we are going to use cloud as a fundamental part of our future IT infrastructure.

The importance of security and reducing our vulnerabilities is not, of course, unique to using public cloud, it’s a key part of any organisations IT and data strategy. However, the move to public cloud does introduce some different challenges with many of our services and data now sitting well outside the protective walls of our datacentre. This means that if our risks and vulnerabilities go unidentified and unmanaged it can open us up to the potential of major and wide-reaching security breaches.

This weeks Tech Interviews is the second in our series looking at what organisations need to consider as they make the move to public cloud. In this episode we focus on risk, how to assess it, gain visibility into our systems regardless of location and how to mitigate the risks that our modern infrastructure may come across.

To help discuss the topic of risk management in the cloud, I’m joined by Darron Gibbard. Darron is the Managing Director for EMEA North and Chief Technology Security Officer for Qualys with 25 years’ experience in the enterprise security, risk and compliance industry, he is well placed too discuss the challenges of public cloud.

In this episode we look at the vulnerabilities that a move to cloud can create as our data and services are no longer the preserve of the data centre. We discuss whether the cloud is as high a risk as we may be led to believe and why a lack of visibility to risk and threats is more of a problem than any inherent risk in a cloud platform.

Darron shares some insight into building a risk-based approach to using cloud and how to assess risk and why understanding the impact of a vulnerability is just, if not more useful that working out the likelihood of a cloud based “event”.

We wrap up with a discussion around Qaulys’s 5 principles of security and their approach to transparent orchestration ensuring that all this additional information we can gather can be used effectively.

The challenges presented around vulnerability and risk management when we move to public cloud shouldn’t be ignored, but it was refreshing to hear Darron presenting a balanced view and discussing that the cloud is no riskier than any enterprise environment when managed correctly.

Qualys are an interesting company with a great portfolio of tools, including a number that are free to use and can assist companies of all sizes to reduce their risk exposure both on-prem and in the cloud, to find out more about Qualys you can visit www.qualys.com.

You can also contact Darron by email dgibbard@qualys.com or connect with him on LinkedIn.

Thanks for listening.

For the first show in this series then check out – Optimising the public cloud – Andrew Hillier – Ep71

Advertisements

Optimising the public cloud – Andrew Hillier – Ep71

 

The move to public cloud is nothing new, many companies have moved or attempted to move key workloads into the big hyperscale providers, AWS, Azure, Google and IBM, but for some it has been a mixed success.

Somethings of course move easily, especially if your initial forays into cloud are via software as a service platforms (SaaS) such as Microsoft Office365 and Salesforce, but if you’ve looked to move more customised, or traditional workloads this presents a whole set of new challenges.

We have probably all heard of cloud projects (or maybe even had projects) that have not gone to plan, this can be for a range of reasons, cost, technical difficulties, performance. There is a long list of reasons that cloud projects don’t go the way that’s expected. But at the heart of many of those projects is the presumption that cloud is both cheap and easy. It comes as quite the shock we we discover it isn’t!

However, things may be about to change as a new wave of technology companies are emerging that are starting to address, what is, the highly complex world of public cloud platforms. These companies are looking to extract some of the complexity away from the enterprise solutions architect and provide them with tools that assist them in their decision making and design, using a mixture of analytics, intelligence and human interaction to address the complexity of moving to the cloud.

This week is the first in a few shows where we look at the complexity of using public cloud and chat with some of the technology companies who trying to address some of these challenges by taking fresh approaches to the problem and aiming to make the cloud experience better, both technically and commercially.

In this first show I’m joined by Andrew Hillier, co-founder and CTO at Densify. Densify have taken a fascinating approach to the problem, built on Andrews long and strong analytics background.

Densify uses a robust analytics platform to build a full understanding of the workloads that have moved to the cloud, develop a performance profile then automatically modify those applications to fully take advantage of the cloud platform they are running on, ensuring they are optimised for the right services and right commercial cost models.

One particularly unique approach to their platform is the use of the Densify advisor, which then takes this analytics model and pairs it with a human being who works closely with their customer to take them through what the analytics platform has discovered and ensure that they understand any optimisation approach and its impact.

If that sounds interesting then dive in as we discuss a wide range of topics including why public cloud is complicated, why it should never be about the money alone, the limitations of first generation approaches to optimisation and how one of the biggest reasons cloud project fails is people buy the wrong cloud stuff!

Andrew provides some valuable insights and shares what is a pretty smart approach to the problem.

If you want to understand more about Densify you can visit densify.com

Find them on twitter @densify

Or on Instagram densify_cloud

Thanks for listening