With Great Power of the Public Cloud Comes Even Greater Responsibility

Today's information technology world can feel like an ever-evolving list of buzzwords, but two very persistent themes are “public cloud migration” and “cybersecurity.” Public clouds offer innovative ways for businesses to migrate and transform how they operate, delivering value at vastly increased velocity over traditional approaches. Cybersecurity is often in the headlines when a data security breach impacts an organization, with highly significant consequences for that business and its customers.

These two also are interrelated: The public cloud has powerful new ways to deliver infrastructure that previously may have been protected by security layers as part of a corporate data center. For example, it is amazingly easy for a corporate development team to stand up a public-facing application server in the public cloud. However, the ease of going live so quickly can often foster a failure to consider the corresponding security risks of the public environment and the subsequent loss of many safety nets afforded by hosting in a corporate data center. 

As the saying goes, with great power comes great responsibility. 

Our goal is to leverage the public cloud's power, combined with a pragmatic and responsible security approach. 

All IT systems are faced with a multitude of threats daily from both internal and external sources. The ramifications of these threats range from an inconvenient disruption of services, defaced public presences and data loss, all the way to complete loss of IT systems and data. These threats can result in considerable fiscal losses and damage the credibility of whatever business they infiltrate. 

The ease of deploying applications to the public cloud is both a strength and a weakness. It is common for an organization's initial cloud deployments to be either ad hoc or probative: an experiment that quickly transforms into “production” before the impacts and risks of the public environment are fully considered, and before mitigation scenarios are planned. Once those workloads are deployed, the team might run security scans and analyzers, only to wind up with a giant list of issues to resolve and no idea where to start. In that case, the “strategy” looks very much like triage: How do we keep our system live while addressing the most critical issues first?

What corporate developers could really use is an effective way to leverage the public cloud's power in a way that includes a pragmatic and responsible security approach, which will keep information secure and readily available. Businesses need a guiding strategy to help them navigate the seemingly endless security findings so they can create a pragmatically secured system.

Better Strategy Begins with Guiding Principles

Our team’s experience over many years and many projects has led to the implementation of three guiding principles that inform our security strategy. The primary guiding principle in developing a public cloud strategy is to imagine, before anything actually goes wrong, the conversations that could occur after it does. For example, consider a worst-case scenario in which a public cloud data security threat comes to fruition, such as a catastrophic data loss event.

Which conversation would you rather have with your company executive after being impacted by a cybersecurity issue in the public cloud: 

“Yes, we had a considerable data loss, and the systems are down. Unfortunately, we are not sure if we can get data restored as we don't have or haven't tested the back-ups.”


“Yes, we had a considerable data loss, and the systems are down. However, we have begun the pre-planned manual restoration process and expect restoration in two hours.” 

The appeal of the second conversation is easy to recognize even before a loss event or security issue ever takes place. Is having this kind of conversation ideal in the first place? Of course not, but it is a much better scenario than the first conversation.

In the age of DevOps and automated everything, why would we suggest a manual restoration process specifically in the example conversation above?

That question can be answered by our second guiding principle: Get a manual data restoration procedure or tool chain in place that does not rely on automations or intricate tools. Then make sure this manual procedure works reliably through integrity testing and that it is available for use before finally automating and streamlining the effort end to end.

The third and final guiding principle is to develop a plan of action within an effective change model. Fundamentally, the full benefits of the public cloud are only recognized when an organization changes many of its IT approaches. As anyone who has been through multiple large organizational changes understands, success is not guaranteed. Cybersecurity in the public cloud is no exception. To improve our chances of success, we want to operate in a model that has instituted positive organizational change.

We have for the most part adopted the Kotter Change Model. While the Kotter Change Model is written in the context of organizational change, this model lends itself to the contemporary approaches of iterative and incremental development of systems. Using this framework, organizations can devise a plan to build a pragmatic security posture for workloads deployed on the public cloud.

This is a broad topic that gets to the tactical implementation of a security strategy. As such, we’ll save those details for another blog post, but just touching on one of the steps in the Kotter Change Model can help illustrate how it applies to this strategy: Build a guiding coalition. 

That coalition, or cross-functional team, should include security professionals and the equally important application developers who can safely implement needed changes. By leveraging a well-established change model and applying that to a focused effort to improve public cloud security, organizations have a practical and proven path forward.

We will have a future post describing the Kotter Change Model in more detail, with a concrete example of how Google's Security Command Center is being used at Woolpert to help us establish, implement and maintain effective cloud security controls.

Nathan Wilhelmi

Nathan Wilhelmi is a computer programmer, technician and analyst who serves as the lead site reliability engineer for Woolpert Cloud Solutions. Wilhelmi is a Google Professional Cloud Architect, Cloud Network Engineer and Security Engineer.