Go Do Cloud … The Perfect Digital Toolbox in Building The Future

Cloud Computing is amazing!

Photo by An Tran on Unsplash

An apology

Let me start with an apology. I apologise for the graphic of some clouds for Cloud Computing in this article. Why? Because, like cybersecurity (where there are often graphics of young male persons with hoodies looking at some JavaScript code on multiple screens in dimly lit rooms), there are very few good representations of Cloud Computing in a photographic form.

So, you will have to make do with a few clouds. Anyway, I’m from Scotland, and I love clouds … they are beautiful and bring life to our world.

Introduction

We live in a legacy digital world. We created something in the 1980s, that we have never freed ourselves from. The digital world of the client-server infrastructure is a static one, and, if we need more resources, we just scale up what we have, with more servers, more disks, and more memory. It is an old digital world. Our core understanding is that a box, and that data is a whole lot of disks that sit in our server room. That’s the way the Internet grew — by buying things we could touch and feel. It made us feel good when we created server rooms with beautiful brands such as Cisco, Dell and IBM. As they say, “No-one was ever fired, by buying IBM”.

And, so, I read every day about the great advancements in machine learning, cybersecurity, and data science, but I never read anything that is remotely interesting about something that is of greater importance than all of these: Cloud Computing. In fact, virtually everything I read about Cloud Computing is so boring, and typically involves defining the difference between an on-premise cloud and a public cloud, and then talking about the cloud as if it is just a thing that you either have or you don’t. And, if you want a bit of both, you then have a hybrid cloud. In fact, it sounds a bit like just picking our Internet Service Provider, and you have “cloud”.

And, so, it makes me wonder why people often write about Cloud Computing in such a boring way and ignore its excitement, its opportunities, and its recent advances. To me, it is one of the most exciting areas of technology and gives you access to things that you would never imagine would be possible. To me, being a cloud architect must be one of the best jobs in technology, and has so many opportunities for the future. Whatever someone wants for their digital systems, the Cloud architect has the tools to build it. And, like an Architect, every time they build something, they get a little better at building them.

Almost infinitely customizable

To me, it is the most adaptable machine ever created. It is like buying a car, but where the car is split into its smallest logical elements (obviously these components must all be compatible with each other, so that limits our choices). Some components are also dismissed, as they are just not any good, and not worth the time adding.

So, we end up with components from any manufacturer and can build any car we want. In fact, we are given control of the making of the car, and to make our own design for the car, and customize it whenever we create it. And, if we want (and can afford it), we can manufacture any number of cars that we want, and at any time we want them. It’s a just-in-time approach. And, when we are finished with the cars, we can dispose of them. The cost of the car can be ours, or for the customer, we just define our base costs, and then the running costs.

You can program it in virtually every computer language that is possible. You can drive it from the command line. And, if you love using GUIs, you can just click and go! You can log virtually every event, and trigger in virtually every way you want. From a cybersecurity and digital forensics point-of-view, it provides an almost infinite number of tracking points, and when integrated with server logs, it gives full timelines around incidents.

A whole world of opportunity

When I access my AWS console, I have access to a whole world of new and exciting investigation areas:

Not just a bunch of servers in the Cloud

But, still many just think it is a whole bunch of servers in the Cloud, and it’s just the same as we have with physical servers. No, it’s the most amazing digital toolbox ever created. I can have it (nearly) all managed by myself for patches and updates, or I can have it partially managed, or I can leave it to AWS. I can generate encryption keys for myself, and keep them on my site, or on AWS’s site, or I can just use AWS’s keys. The whole concept of the public key is wonderful, and where virtually everything is configurable to customize to the customer. There’s no one-size-fits-all.

It’s a digital toolbox

The public cloud has changed so much over the past decade, and there are great advances related to IoT, satellite data, ML, blockchain, and so much more. Overall, I spent years in data centres installing and upgrading our servers (for our vSoC infrastructure), and so the move to the public cloud is a dream. With a click, I can back up the whole of a server (where I used to have to do it with tape drives). To me, it is such an exciting area where you can build whole system architectures for compute, data and networking. There is nothing holding anyone back from building products and services that can compete with the mightiest of companies.

Teaching

One of the best things I ever did in my teaching was the move to the public cloud. With a few lines of code, any user can build the computing infrastructure of a large company. Never in history has an individual had such an opportunity to compete against companies that have a massive investment in staff and resources.

For the next academic year, I’ve moved all of my labs into AWS, and now have complete control over the whole environment. Every student gets the same infrastructure, and each lab will work like clockwork. A lab that once involved the installation and setup of Linux and Windows servers with firewalling and server setups that would take many hours can be done in less than two hours.

I would struggle to teach cloud computing as a topic, and in the same way I have with teaching software development. It is just too generic to teach fundamentals. But, it is the application of it, that really brings it alive. My passion is teaching cryptography and encryption, and the public cloud can bring things alive.

I can now teach the fundamentals of cryptography, and at the end of each lab, we move to the public cloud and apply these principles in protecting data. I can show how RSA and ECDSA can be used to sign messages, and where we can do it with Python or from the command line. For symmetric key encryption, we can apply our keys to encrypting data buckets, or to also encrypt messages. In fact, virtually everything I cover from a theoretical point of view can be integrated within an AWS lab. To me, things come alive when you understand the theory, and then apply it. To just know the theory or just the practice, is often not enough to really understand something.

And cost …

Yes. You buy hardware and you install it. You can touch and feel your purchase. It’s CapEx. But, it's yours to underuse in the evenings, or on the holidays. It is yours when you have to add backup systems. It's yours when you have to create resilience from failover. And it’s yours to provide electrical power and fix it when it breaks.

With the public cloud, it’s all about load balancing, and it’s one of the first lessons in the Cloud. Basically, you optimize for demand, and you pay for the demand. So, if your servers are not needed so much in the evening, you turn them off. If data is not being used, then put it into cold storage. When you use the public cloud, you soon understand where your core costs are, and how you can trim them. It’s all about getting the right resources within the right cost region. With CapEx, you buy, and hope. Once you have bought, it’s too late to realise that you have over-specified your setup.

Getting the architecture right

At the core of costs is getting the architecture correct, and knowing where to put your resources. Everything within the infrastructure can be dynamic, and automatically change depending on the circumstances. But, it can also be static, and where we have a dependable setup that does not need to change. And, of course, there’s a whole spectrum in-between.

When it comes to a basic architecture, a large WAF (Web Application Firewall) at the front end does a good amount of the filtering of the incoming traffic, and can catch many of the blunt attacks on a network. We can then go through layers of security before we end up at the core of the infrastructure. At each point, we can detect possible intrusions. We then create gateways that allow us to filter the traffic, and each gateway gives us a chance to segment the architecture into manageable elements. Each gateway, too, becomes a checkpoint for security checking and logging.

Understanding resilience

At the core of the public cloud is understanding your users: employees, customers, and the general public. For this, we need to make sure we place the resources where and when we need them, and that we integrate resilience into every part of the infrastructure. A six 9’s approach means that we might aim for an uptime of 99.999999% of the time. I moved from my bare metal servers to AWS as I grew tired of the hosting company continually taking my hardware offline, and having localized problems. They charged me a great deal to make back-ups of my system and left me with old hardware. Within the public cloud, I can place my resources whenever I want in the way, and automatically failover when there’s a problem in one region.

And “How Well Am I Doing?”

So, what is the payback, and how’s it doing? Well, the statistics are there for virtually every analytic you want. What’s the peak time for users? Where in the world do they come from? What’s our most popular product? Virtually every performance metric is there, and just ready to be captured. In fact, put Splunk on the case, and you can provide a dashboard for your security architecture, your network engineers, your marketing department, your sales department, and your CEO.

Go do Cloud …

I would strongly recommend to any student that they should pick up as many cloud skills as they can, as it is the future for cybersecurity, software development, and virtually every other area of technology. Go learn Cloud … properly!

Here’s my Cloud content on the AWS Cloud Fundamentals module:

https://asecuritysite.com/aws

And, so, I must praise the BBC World Service, for covering Cloud:

https://www.youtube.com/watch?v=5avTIvL8N0o