Do You Treat Your Cloud Like a Pet or Like Cattle?

It’s not the usual question people in IT confront as they set out to migrate applications to the cloud. But it gets to the heart of the challenge they face and the likely measures they’ll take to protect their workloads.

One thing that years of experience working in the security industry has taught me is the importance of first defining the types of users sitting across from me. So back to my original question about whether someone treats their workloads as pets or cattle.

If you fall among the kinds of people who tend, nurture and name their workloads for the long haul, you belong under the pets’ category. If you instead view this from a more short-term perspective - grow them, feed them, kill them off and eat them - then you’re a cattle person. In other words, if you design your workloads to be disposable and replaceable at any time, then they are a part of the herd. On the other hand, if you view your workloads to be unique and indispensable, then they are pets.

My point isn’t a literal one. But the difference between the traditional patch-and-maintain approach and the new repave over everything is an important one. Who are you and how are you going to behave in the cloud? More to the point, how do you want to behave in the cloud. How you answer those questions will go a long way to determining how to protect your data. Be honest with yourself on your state today, but know where you want to go in the future. You may transition to the cloud as a Pets person because that is all you know today. You may end the journey as a Cattle person as you lean in and learn more.

Smart Behavior in the Cloud Era

There’s no shortage of buzz around the emerging DevOps role - and no shortage of hype. You regularly find “experts” pushing the idea that everything has to be DevOps, DevOps, DevOps. For the record, DevOps is great but let’s not forget that traditional IT still exists in the cloud - and will continue to be there for the foreseeable future.

Ultimately the conversation should be around where a customer sits on the cloud maturity curve. Organizations find themselves at different points, some are just starting by lifting and shifting workloads to the cloud while others are further along and starting to realize the optimization that can be achieved in the cloud. They say geography is destiny. In the same way, where you find yourself on that curve will ultimately drive your behavior as well.

Too often, companies approach security and cloud adoption as separate projects, spinning up an environment and dealing with security as an afterthought. The problem with this approach is, it leaves you less secure and it will also slow you down. You lose the efficiency you gain when you automate and build-in instead of bolting-on.

No matter where you find yourself on the cloud maturity curve, security and cloud deployment go hand-in-hand.  Depending on how you treat your workloads, like pets or cattle, may impact how you secure your cloud, but it should never impact if you secure your cloud.

Whose Responsibility?

You need to think of security as a part of the planning stages of cloud deployment so that it informs the entire process and provides sufficient awareness and visibility of your workloads in the cloud.  You will need the right APIs and cloud integrated technologies to understand who is using the cloud, how they are using the cloud and what is in the cloud.

Gartner estimates that 95% of all cloud security failures are due to cloud misconfigurations. I can’t tell you how often I hear customers say, `Well, I’ll just put it out there and my cloud provider will take care of it. We don't have to worry about security.’ They ought to spin up a public facing server to test out that proposition and see how long it takes before an attacker starts messing with it. We are talking minutes to hours, not days or weeks.  

The fact is that the bad guys are sophisticated and know the IP schemes for the different cloud platforms. If you don't have proper security in place, you’re inviting a world of trouble.

Whether you treat your workloads like pets or cattle, it’s important to be thinking about how you will keep it secure. You may tend to your pets lovingly and give them good long lives. Or, you may lock your herd up so tight they don’t need to be looked after again until it is time to replace them all. Either way, you must have a security focus on the “beast” that best describes your style.