# Cloud Architecture and Security



## 31818 (Oct 29, 2014)

aroq said:


> I'm a site reliability engineer who works on and maintains websites all day, and I happen to specialize in cloud architecture and data security/integrity.


Now you have my attention! I admit that I have a perhaps unjustified, innate distrust of storing my data on the "Cloud." I just don't trust that my data is secure there because I fear that the Cloud can be hacked and data compromised. Instead, I store my sensitive data on a portable backup device. However, I will be the first to admit there are pros and cons to that method too!

So, any advice or perspective on securing personal data (bank, tax returns, receipts, legal documents and records, photos, etc.) would be much appreciated. Thank you.



> On a side note, I find it super curious that we need to put two posts in the same forum introducing ourselves. The engineer in me just can't think of a single reason how that would prevent spam, as any automation to allow one to post one spam post can just as easily be slotted to post twice.


I am NOT qualified in website security to either agree or disagree with you. But I can give you some background. VerticalScope is a company with corporate headquarters in Toronto, CA. They own around 1100 different social media websites. They employ around 300 people (I suspect most of them work from home). I know they employ a staff of security technicians. It appears that all their sites use the "two posts" protocol in some sort of introductory format in order to "help fight spam." I can say, in my opinion, that it appears to be mostly successful on Havanese Forum, BUT it is very labor intensive on the part of the Forum moderators (and I have been very busy this morning starting at 0500), who are the gatekeepers. On HF we get about 4 new member sign ups per day. On average about 25% are probably spammers, 25% are people who are legitimate and go on to be productive members, and 50% just lurk permanently. Those 50% are the ones I question because why are they here? They could just as easily lurk as a non-member "guest." Just for perspective, there are about 100 to 200 times the number of guests on line at any one time as there are HF members on line.

I will not disclose the details of what's in the "moderator toolbox" (to protect site security) but they are a bit more sophisticated than you might think or expect. Would a "Captcha" protocol to thwart spammers be more effective? Perhaps, I don't know.

HF moderators have no control over VS security protocols. Your questions and concerns are best addressed to VS directly. I suggest you post your comments in the "Site help and suggestions" forum OR contact VS directly using the "Contact us" link at the bottom of this page.  👇 I'm all for anything and everything that will make this site even better.


----------



## aroq (Dec 14, 2018)

I share some of your native distrust with the security of data in the cloud, but just as computer hardware evolves and expands, the security and reliability of the big three in cloud computing (AWS, Microsoft Azure, and Google Cloud) have grown by leaps and bounds.
If you look at many of the big data breaches in recent memory there is a common thread, which is that the initial attack vector is servers on premises, with software that hasn’t been patched or updated properly.
The difference can be pretty stark in terms of ease of identifying and mitigating active vulnerabilities. A pretty typical example would be the log4j vulnerability discovered about a month ago. This logging framework is used EVERYWHERE, and mitigating it in the cloud was almost trivial: running a scan for the vulnerability and then mitigating them one by one. Contrast that with the process for on-prem servers, which we can also scan, but there are hundreds of servers, not all fully documented, and not centrally registered like in the cloud. What keeps me up at night is the server that no one knows about sitting in a rack somewhere that’s exposed publicly through some one-off change years ago. We scan our publicly facing servers for vulnerabilities multiple times a day but it’s easily twice as time consuming as in the cloud, and much more prone to missing something.


----------



## Cassandra (Dec 29, 2015)

I have always found the casual reference to data being stored “in the cloud” to be slightly amusing. It really just means it is “stored” on someone else’s computer (called a server). I have a similar reaction to the increasing use of “doesn’t pencil” referring often to some kind of construction type project. What it really means is that the developer won’t make enough profit to justify the project... ah, language!


----------



## 31818 (Oct 29, 2014)

And then there is always, "that dog won't hunt." Never could figure out that analogy.


----------



## aroq (Dec 14, 2018)

Yes, there are a lot of IT division memes talking about that, my favorite was this one:








But the IT person is triggered by it a little, because it really depends on the use case, and people will always overhype the new "hot and sexy" computing trends... yes, there are hot and sexy trends in computers. There are things that really don't belong in the cloud, and there are use cases that are perfect for the scalability and responsiveness that cloud architecture gives. A great example of using the cloud's strengths is services that have highly variable demand. Here's an example, the web traffic overview for the last three months for one of the sites I maintain the infrastructure for:








Here you can see the number of pageviews drops almost by half over the weekends, so we have an algorithm that autoscales the number of servers down based on the current demand, and also will add additional cloud resources when our demand peaks, like the Black Friday bump that pushed pageviews higher than normal. In a traditional datacenter, I'd need to build out infrastructure to cope with that peak demand, and for most of the year that extra capacity would be unutilized. The cloud allows you to scale up and down minute by minute and pay for resources as you need them. On the other hand, if you have a service that has a consistent and high demand, it generally is cheaper and more cost effective to build out infrastructure in your own datacenter. I know this is a long and overly explained post, but ElizabethEva is tired of hearing about it, and I love talking about it.


----------



## Cassandra (Dec 29, 2015)

Love the meme! Don’t get me wrong, I love computers and everything they do and “the cloud” provides even more things. I learned lots of stuff years ago on a Commodore 64 (early 1980s) before there was an internet (sort of... Al Gore was still working on it) and we did dial ups to message boards via telephone lines and heard that grinding sound when the two computers met via copper wires. And there was no such thing as Windows or iOS... ah, the good old days (not). I have a lot of computer geeks in my family and live in Silicon Valley so often marvel at the advances still being made.


----------



## krandall (Jun 11, 2009)

Cassandra said:


> Love the meme! Don’t get me wrong, I love computers and everything they do and “the cloud” provides even more things. I learned lots of stuff years ago on a Commodore 64 (early 1980s) before there was an internet (sort of... Al Gore was still working on it) and we did dial ups to message boards via telephone lines and heard that grinding sound when the two computers met via copper wires. And there was no such thing as Windows or iOS... ah, the good old days (not). I have a lot of computer geeks in my family and live in Silicon Valley so often marvel at the advances still being made.


When I worked at the bank, we had to restart our computers with paper tapes. I was SOOOO excited when I got my SELECTRIC typewriter!!! My husband was the chairman of the "Microcomputer Committee" here in Boston, and the first computer that "followed him home" was an Osborne. His Master's thesis at Bucknell was "Prevention of Computer Fraud," and the conclusion was, "You can't." Even then. LOL!


----------



## mudpuppymama (Mar 24, 2012)

When I went to school to become a computer programmer, we typed our programs on a keypunch machine. Our greatest fear was dropping the huge boxes of keypunch cards (our program) and never being able to get them back in order.


----------



## EvaE1izabeth (Nov 14, 2017)

aroq said:


> I know this is a long and overly explained post, but ElizabethEva is tired of hearing about it, and I love talking about it.


I can only maintain interest in complicated technical information for so long. Tell me how it relates to my Havanese, and you might have my attention. Everything changes in IT anyway.


----------

