m Cloud concepts

Key Points


References

Reference description with linked URLs | Notes
m Cloud Solutions
m Kubernetes
AWS basics
AWS Solution Architecture
AWS management work 2
m IBM Cloud
m GCP - Google Cloud
m Azure Cloud


Grokking Coding Interview Patterns in Java | education.io tips
https://www.khanacademy.org/ | free good online self study for all high school college courses ****
https://www.freecodecamp.org/ | good free tech online courses with custom certs, projects ***
https://www.udemy.com/ | all tech courses very affordable when on sale ****
https://k21academy.com/ | affordable self study courses for cloud cert tests **
devops - cloud webinar library | **
eweek - compare AWS Azure GCP clouds - summary | **
https://www.linkedin.com/pulse/overview-security-postures-azure-aws-christophe-parisel/
Build Run Pipeline strategies in the Cloud


https://www.digitalocean.com/pricing/ | Compare Digitalocean.com pricing to AWS and Azure – Azure is high


Processors AWS secret weapon is revolutionizing computing pdf


cloud security concepts dzone   

cloud-security-dzone-2202-w_defa3108.pdf file

cloud-security-dzone-2202-w_defa3108.pdf link










Key Concepts



eweek - compare AWS Azure GCP clouds - summary

https://www.eweek.com/cloud/at-a-high-level-aws-vs-azure-vs-google-cloud

Pricing is an Important Differentiator

One area where there is a notable difference between the two market leaders is in pricing. AWS uses a pay-as-you-go model and charges customers per hour—and they pay for a full hour, even if they use only one minute of it. Azure also follows a pay-as-you-go model, but it charges per minute—a way more exact pricing model than AWS. Google Cloud also follows a to-the-minute pricing process.

Many experts recommend that enterprises evaluate their public cloud needs on a case-by-case basis and match specific applications and workloads with the vendor that offers the best fit for their needs. Each of the leading vendors has particular strengths and weaknesses that make them a good choice for specific projects.

Let’s define these three humongous cloud service companies.


Let’s Start from the Beginning: What is AWS?

Amazon Web Services (AWS) is a cloud service platform from Amazon, which provides services in different domains such as compute, storage, delivery and other functionality which help the business to scale and grow. AWS utilizes these domains in the form of services, which can be used to create and deploy different types of applications in the cloud platform. These services are designed in such a way that they work with each other and produce a scalable and efficient outcome. AWS services are categorized into three types: infrastructure as a service (IaaS), software as a service (SaaS) and platform as a service (PaaS). AWS was launched in 2006 and has become the most-purchased cloud platform among currently available cloud platforms. Cloud platforms offer various advantages such as management overhead reduction, cost minimization and many others.


AWS: Pros and Cons, Based on User Feedback

PROS: Amazon's single biggest strength really turned out to be the fact that it was first to market in 2006 and didn’t have any serious competition for more than two years. It sustains this leadership by continuing to invest heavily in its data centers and solutions. This is why it dominates the public cloud market. Gartner Research reported in its Magic Quadrant for Cloud Infrastructure as a Service, Worldwide, that "AWS has been the market share leader in cloud IaaS for over 10 years." Specifically, AWS has been the world leader for closer to 13 years, or ever since it first launched its S3 (Simple Storage Service) in fall 2006.

Part of the reason for its popularity is certainly the massive scope of its global operations. AWS has a huge and growing array of available services, as well as the most comprehensive network of worldwide data centers. Gartner has described AWS as “the most mature, enterprise-ready (cloud services) provider, with the deepest capabilities for governing a large number of users and resources."

CONS: Cost and data access are Amazon's weaknesses. While AWS regularly lowers its prices—in fact, it has lowered them more than 80 times in the last several years, which probably means they were too high to begin with—many enterprises find it difficult to understand the company's cost structure. They also have a hard time managing these costs effectively when running a high volume of workloads on the service. And customers, beware: Be sure you understand the costs of extracting data and files once they are in AWS’s storage control. AWS will explain it all up front for you, but know that it’s a lot easier to start a process and upload files into the AWS cloud and access apps and services than to find data and files you need and move them to another server or storage array.

In general, however, these cons are outweighed by Amazon's strengths, and organizations of all sizes continue to use AWS for a wide variety of workloads.


What is Microsoft Azure?

Azure is a cloud service platform designed and built by Microsoft and launched in 2010. It competes directly with AWS by providing services in domains such as compute, storage, database, networking, developer tools and other functionality which enables organizations to scale and grow their businesses. Azure services are categorized as platform as a service (PaaS), software as a service (SaaS) and infrastructure as a service (IaaS). They all can be used by developers and software employees to create, deploy and manage services and applications through the cloud. Services can include financial, human resources, scientific, retail, media and numerous other use cases. Azure, thanks largely to Microsoft’s deep and wide installed base of business applications throughout the world, has emerged fairly quickly as one of the largest and most successful commercial cloud service providers. It offers a wide range of integrated cloud services and functionalities, such as analytics, computing, networking, database, storage, mobile and web applications that seamlessly integrate with enterprise environments in order to achieve efficiency and scalability.


Azure: Pros and Cons, Based on User Feedback

PROS: Microsoft came late to the cloud market (in fact, four years after AWS) but gave itself a jump start by taking its popular on-premises business software–Windows Server, Office, SQL Server, SharePoint, Dynamics, Active Directory, .Net and others–and repurposing it for the cloud.

A big reason for Azure’s success is obvious: So many enterprises deploy Windows and other Microsoft software. Because Azure is tightly integrated with these other applications, enterprises that use a lot of Microsoft software often find that it also makes sense for them to use Azure. This builds loyalty for existing Microsoft customers. Also, if you are already an existing Microsoft enterprise customer, you can expect significant discounts off service contracts. Those are often non-trivial savings; just ask any CFO!

CONS: Gartner has had some reservations about the makeup and design of the platform. "While Microsoft Azure is an enterprise-ready platform, Gartner clients report that the service experience feels less enterprise-ready than they expected, given Microsoft's long history as an enterprise vendor," the researcher said. "Customers cite issues with technical support, documentation, training and breadth of the ISV partner ecosystem."

This doesn’t happen with all customers, but there are enough unsatisfied users that their objections must be taken into account.


What is Google Cloud?

Google Cloud is a cloud computing platform developed by Google and launched in 2008. It was written in Java, C++, Python including Ruby. It also provides the different services that are IaaS, PaaS and Serverless platform. Google cloud is categorized into different platforms, such as Google App Engine, Google Compute Engine, Google Cloud Datastore, Google Cloud Storage, Google Big Query (for analytics) and Google Cloud SQL. Google cloud platform offers high-level computing, storage, networking and databases. It also offers different options for networking, such as virtual private cloud, cloud CDN, cloud DNS, load balancing and other optional features. It also offers management of big data and Internet of things (IoT) workloads. Cloud machine learning engine, cloud video intelligence, cloud speech API, cloud Vision API and others also utilize machine learning in Google cloud. Suffice to say there are numerous options inside Google Cloud, which is most often used by developers, as opposed to line-of-business company employees.


Google Cloud Platform: Pros and Cons Based on User Feedback

PROS: You can count on Google’s engineering expertise. Google has an exemplary offering in application container deployments, since Google itself developed the Kubernetes app management standard that AWS and Azure now offer. GCP specializes in high-end computing offerings such as big data, analytics and machine learning. It also provides considerable scale-out options and data load balancing; Google knows what fast data centers require and offers fast response times in all of its solutions.

CONS: Google is a faraway third-place in market share, perhaps because it doesn't offer as many different services and features as AWS and Azure. It also doesn't have as many global data centers as AWS or Azure, although it is quickly expanding. Gartner said that its "clients typically choose GCP as a secondary provider rather than a strategic provider, though GCP is increasingly chosen as a strategic alternative to AWS by customers whose businesses compete with Amazon, and that are more open-source-centric or DevOps-centric, and thus are less well-aligned to Microsoft Azure."

This is a high-level comparison of the three major cloud service leaders here in mid-2019. We will be updating this article with new information as it becomes available, and eWEEK will also be examining in closer detail the various services—computing, storage, networking and tools—that each vendor offers.


Cloud Security Concepts


cloud security concepts dzone   

cloud-security-dzone-2202-w_defa3108.pdf file

cloud-security-dzone-2202-w_defa3108.pdf link


finserv-cloud-security-101-2023.pdf file

TOC

01 Securing customers' money in a cloud-first world

02 Key cloud security solution categories: CSPM, CIEM, and CWPP

03 What is CSPM?

04 What is CIEM?

05 What is CWPP?

What is CNAPP?

CNAPP has you covered.

Six key considerations when evaluating a cloud security solution

#1 Choose an agentless + agent based approach for comprehensive protection

#2 Manage configuration and permission risk

#3 Identify and prioritize vulnerabilities from source to run

#4 Enable cloud security monitoring with audit logs

#5 Implement runtime detection and response

#6 Map to the MITRE ATT&CK framework




Potential Value Opportunities



Potential Challenges



Cloud Short-term vs Long-term Benefits, Costs

https://www.zdnet.com/article/cloud-sticker-shock-were-spending-way-too-much/

cloud-strategies-Cloud sticker shock explored were spending way too much some venture capitalists say

Good for startups to lower devops, infrastructure costs BUT

  • cloud custom services have a learning 
  • create cloud vendor lock-in, requiring costs to move applications later (vs. open-source standard stacks with lower migration costs)
  • as firms grow, efficient management of services can compete on costs, with better flexibility and control than cloud providers in many cases



cloud-enterprise-hybrid-cloud-adoption-management-2024-short.pdf  file

concepts

strategies

myths

tips




Build Run Pipelines in the Cloud

https://www.linkedin.com/pulse/overview-security-postures-azure-aws-christophe-parisel/

build-run-concepts-2019-linkedin.com-An overview of security postures in Azure and AWS.pdf


Candidate Solutions


ATARC  - Advanced Tech Architecture Research Council

Government systems technology focus



NIST - National Institute of Standards and Technology - issues bulletins on recommended security practices and alerts



FIPS 140-2 - Security Basics Compliance Recommendations for IT systems



FedRAMP = standard for security assessment, authorization, monitoring

https://www.fedramp.gov/faqs/

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves cost, time, and staff required to conduct redundant Agency security assessments.

Yes, FedRAMP is mandatory for Federal Agency cloud deployments and service models at the low, moderate, and high risk impact levels. Private cloud deployments intended for single organizations and implemented fully within federal facilities are the only exception.


CSA - Cloud Security Alliance - Security, Trust, Assurance and Risk (STAR)

Security, Trust, Assurance and Risk (STAR)
The industry's most powerful program for security assurance in the cloud.

The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings.

STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM). Publishing to the registry allows organizations to show current and potential customers their security and compliance posture, including the regulations, standards, and frameworks they adhere to. It ultimately reduces complexity and helps alleviate the need to fill out multiple customer questionnaires.

Level 1 - self-assessment with cloud security standards

Level 2 - audited proof of compliance with cloud security standards

Which organizations should pursue level 2?

Organizations should pursue this level if they are...

  • Operating in a medium to high risk environment
  • Already hold or adhere to the following: ISO27001, SOC 2, GB/T 22080-2008, or GDPR
  • Looking for a cost-effective way to increase assurance for cloud security and privacy.




Step-by-step guide for Example






Recommended Next Steps