1
00:00:00,490 --> 00:00:02,800
Cloud-based infrastructure.

2
00:00:02,800 --> 00:00:06,160
Now, most organizations see their future in the cloud,

3
00:00:06,160 --> 00:00:08,190
but it's actually a riskier choice

4
00:00:08,190 --> 00:00:10,080
than traditional client/server applications

5
00:00:10,080 --> 00:00:12,540
running on a local network in most cases.

6
00:00:12,540 --> 00:00:14,570
If you don't configure the cloud properly,

7
00:00:14,570 --> 00:00:16,760
you can have a lot of danger.

8
00:00:16,760 --> 00:00:19,000
Now, you can configure your cloud to provide

9
00:00:19,000 --> 00:00:20,560
just as great security

10
00:00:20,560 --> 00:00:22,960
as your traditional client/server applications.

11
00:00:22,960 --> 00:00:25,010
But it does take some knowledge.

12
00:00:25,010 --> 00:00:25,910
This is what we talk about

13
00:00:25,910 --> 00:00:27,730
when we talk about cloud infrastructure.

14
00:00:27,730 --> 00:00:28,960
We need to make sure that we're doing

15
00:00:28,960 --> 00:00:31,300
our infrastructure management properly and configuring it

16
00:00:31,300 --> 00:00:34,020
to the same level of security as a local solution.

17
00:00:34,020 --> 00:00:36,220
Now, one of the biggest places that we have to think about

18
00:00:36,220 --> 00:00:40,040
when we do this is virtual private clouds or VPCs.

19
00:00:40,040 --> 00:00:42,210
Just like you can use your virtual private networks

20
00:00:42,210 --> 00:00:44,670
to connect your home users back to your corporate network

21
00:00:44,670 --> 00:00:46,120
and give them those protections

22
00:00:46,120 --> 00:00:47,860
underneath that corporate umbrella,

23
00:00:47,860 --> 00:00:49,990
virtual private clouds can be configured

24
00:00:49,990 --> 00:00:52,580
as a private network segment made available

25
00:00:52,580 --> 00:00:55,600
to single cloud consumers within a public cloud.

26
00:00:55,600 --> 00:00:57,900
This is a way that we give security.
27
00:00:57,900 --> 00:01:01,620
VPC is considered an infrastructure as a service product,

28
00:01:01,620 --> 00:01:03,570
so if you're using something like AWS,

29
00:01:03,570 --> 00:01:05,860
they have a virtual private cloud service.

30
00:01:05,860 --> 00:01:06,710
If you're using Azure,

31
00:01:06,710 --> 00:01:09,130
they have their virtual private cloud service.

32
00:01:09,130 --> 00:01:11,090
And virtual private cloud services

33
00:01:11,090 --> 00:01:13,530
let you provision virtual servers and appliances

34
00:01:13,530 --> 00:01:17,090
within a virtual network that's hosted on a public cloud.

35
00:01:17,090 --> 00:01:19,080
So, we can try to get some of that security

36
00:01:19,080 --> 00:01:22,490
of a private cloud without all that extra expense.

37
00:01:22,490 --> 00:01:25,310
Now, is this as secure as a private cloud?

38
00:01:25,310 --> 00:01:28,300
No, because we're still using shared hardware

39
00:01:28,300 --> 00:01:30,130
and there could be issues like data remnants

40
00:01:30,130 --> 00:01:31,210
being left behind on a server

41
00:01:31,210 --> 00:01:33,090
from being provisioned or deprovisioned.

42
00:01:33,090 --> 00:01:36,300
But, from a networking perspective and a privacy perspective,

43
00:01:36,300 --> 00:01:40,430
you can get equivalent levels of protection using VPC.

44
00:01:40,430 --> 00:01:42,620
Now, as a consumer, you're responsible

45
00:01:42,620 --> 00:01:45,050
for configuring the IP address space and routing

46
00:01:45,050 --> 00:01:48,360
within that cloud when you do virtual private clouds.

47
00:01:48,360 --> 00:01:50,170
You're going to handle all the administration,

48
00:01:50,170 --> 00:01:52,500
all of the security aspects of running the network,

49
00:01:52,500 --> 00:01:54,190
just as if it was your own.
50
00:01:54,190 --> 00:01:55,990
You're going to have to do all the software installation,

51
00:01:55,990 --> 00:01:57,990
all the patching, all the account management,

52
00:01:57,990 --> 00:02:00,440
all the load balancing, all the disaster recovery,

53
00:02:00,440 --> 00:02:02,970
all the security monitoring, all the backups.

54
00:02:02,970 --> 00:02:04,440
All of that has to be configured

55
00:02:04,440 --> 00:02:06,530
because when you're doing a virtual private cloud,

56
00:02:06,530 --> 00:02:09,100
it's essentially like you own these servers.

57
00:02:09,100 --> 00:02:11,730
The only difference is you don't actually own the servers

58
00:02:11,730 --> 00:02:14,070
and you don't have access to the physical hardware.

59
00:02:14,070 --> 00:02:17,210
Instead, you're going to be able to use these different servers

60
00:02:17,210 --> 00:02:20,440
and spin them up and spin them down whenever you need to,

61
00:02:20,440 --> 00:02:23,490
meaning, provisioning them or deprovisioning them.

62
00:02:23,490 --> 00:02:25,900
Now, when we talk about a virtual private network,

63
00:02:25,900 --> 00:02:28,950
it's hosted on publicly-available cloud services.

64
00:02:28,950 --> 00:02:30,930
This is things like Amazon Web Services,

65
00:02:30,930 --> 00:02:33,350
Microsoft Azure, Google Cloud.

66
00:02:33,350 --> 00:02:36,590
But you're going to be isolated from other customers' instances

67
00:02:36,590 --> 00:02:40,350
using technologies such as virtual LANs or VLANs

68
00:02:40,350 --> 00:02:42,150
and you can also use other things like this

69
00:02:42,150 --> 00:02:44,630
as you're building out your virtual private cloud.

70
00:02:44,630 --> 00:02:47,540
Now, like I said, a virtual private cloud doesn't give you

71
00:02:47,540 --> 00:02:50,530
the exact same level of security as a private cloud,

72
00:02:50,530 --> 00:02:52,920
but it doesn't come with the high cost either.
73
00:02:52,920 --> 00:02:54,410
By using a virtual private cloud,

74
00:02:54,410 --> 00:02:57,240
it's going to be less expensive than using a private cloud

75
00:02:57,240 --> 00:02:59,140
and you're not going to have to own and operate

76
00:02:59,140 --> 00:03:02,240
the entire cloud service or the hardware underneath it

77
00:03:02,240 --> 00:03:04,360
so you're getting some of those security benefits,

78
00:03:04,360 --> 00:03:06,650
but not all of the security benefits.

79
00:03:06,650 --> 00:03:08,720
When we talk about a virtual private cloud,

80
00:03:08,720 --> 00:03:10,920
a virtual private cloud is typically going to be used

81
00:03:10,920 --> 00:03:12,700
to provision Internet-accessible

82
00:03:12,700 --> 00:03:15,940
customer-facing applications or corporate applications

83
00:03:15,940 --> 00:03:19,000
that need to be accessed from geographically remote sites.

84
00:03:19,000 --> 00:03:19,980
If you're thinking of something

85
00:03:19,980 --> 00:03:22,120
that might be a good place inside a DMZ,

86
00:03:22,120 --> 00:03:23,210
a virtual private cloud

87
00:03:23,210 --> 00:03:25,640
might be a good place to put it, as well.

88
00:03:25,640 --> 00:03:27,110
Now, the last thing we need to think about

89
00:03:27,110 --> 00:03:29,000
when we talk about cloud-based infrastructure

90
00:03:29,000 --> 00:03:31,450
is cloud versus on-premise.

91
00:03:31,450 --> 00:03:32,890
Now, what is the difference?

92
00:03:32,890 --> 00:03:34,240
Well, when you deal with the cloud,

93
00:03:34,240 --> 00:03:36,550
you're putting it in somebody else's data center.

94
00:03:36,550 --> 00:03:38,720
You're putting it someplace where you're just seeing it

95
00:03:38,720 --> 00:03:41,260
as a virtual instance someplace on the Internet.

96
00:03:41,260 --> 00:03:42,890
You don't actually get to go touch that thing.
97
00:03:42,890 --> 00:03:45,590
You don't know if it's in Virginia or London

98
00:03:45,590 --> 00:03:48,350
or Washington or even care a lot of times

99
00:03:48,350 --> 00:03:51,010
because you just care that you have access to it

100
00:03:51,010 --> 00:03:52,770
and that's the benefit of having the cloud.

101
00:03:52,770 --> 00:03:54,510
It's everywhere you want to be.

102
00:03:54,510 --> 00:03:56,210
Now, when you deal with on-premise,

103
00:03:56,210 --> 00:03:58,640
this means it's something in your own data center.

104
00:03:58,640 --> 00:04:01,590
You can walk down the hall and you can touch those servers.

105
00:04:01,590 --> 00:04:03,290
A lot of the places I've worked over the years,

106
00:04:03,290 --> 00:04:05,330
we've run our own data centers.

107
00:04:05,330 --> 00:04:06,490
Now, these days, we're starting to use

108
00:04:06,490 --> 00:04:07,990
more and more cloud resources,

109
00:04:07,990 --> 00:04:10,570
but for the last 20 years, I spent a lot of time

110
00:04:10,570 --> 00:04:14,210
in a lot of organizations spending tons and tons of money,

111
00:04:14,210 --> 00:04:16,540
millions and millions and millions of dollars,

112
00:04:16,540 --> 00:04:19,600
building out data centers and running our own servers.

113
00:04:19,600 --> 00:04:21,580
Now, there are some benefits to having cloud

114
00:04:21,580 --> 00:04:23,570
and there's some benefits of having on-premise.

115
00:04:23,570 --> 00:04:25,530
When you deal with on-premise solutions,

116
00:04:25,530 --> 00:04:26,870
you're going to maintain your servers

117
00:04:26,870 --> 00:04:28,410
locally within your network.

118
00:04:28,410 --> 00:04:30,350
That means you're going to be able to touch them.

119
00:04:30,350 --> 00:04:32,850
It also means you're responsible for when they break.
120
00:04:32,850 --> 00:04:34,240
That means when a server goes down,

121
00:04:34,240 --> 00:04:36,040
you're going to be the one waking up at two in the morning

122
00:04:36,040 --> 00:04:38,160
to go replace their hard drive.

123
00:04:38,160 --> 00:04:39,800
When you're dealing with an on-premise solution,

124
00:04:39,800 --> 00:04:42,060
you own the entire thing from software

125
00:04:42,060 --> 00:04:44,310
all the way down to nuts and bolts of the hardware.

126
00:04:44,310 --> 00:04:45,670
That is a good thing in some cases

127
00:04:45,670 --> 00:04:46,840
because you can own the whole thing

128
00:04:46,840 --> 00:04:48,330
and configure it however you want.

129
00:04:48,330 --> 00:04:50,260
It's also bad because it's a major support headache

130
00:04:50,260 --> 00:04:54,330
and a huge capital expense for your organization.

131
00:04:54,330 --> 00:04:56,650
Now, a lot of security products that you have out there

132
00:04:56,650 --> 00:04:59,400
can be used as either cloud-based or on-premise

133
00:04:59,400 --> 00:05:00,700
and we've already talked about a lot of the benefits

134
00:05:00,700 --> 00:05:01,650
of the cloud, right?

135
00:05:01,650 --> 00:05:03,010
They're infinitely expandable,

136
00:05:03,010 --> 00:05:04,370
there's lots of storage out there,

137
00:05:04,370 --> 00:05:05,560
there's ultimate bandwidth

138
00:05:05,560 --> 00:05:07,290
and you only pay for what you use.

139
00:05:07,290 --> 00:05:09,280
Well, with a lot of these security products,

140
00:05:09,280 --> 00:05:12,010
you have a cloud-based version or an on-premise version

141
00:05:12,010 --> 00:05:14,560
and you have to decide which one you want to use.

142
00:05:14,560 --> 00:05:16,210
Now, which one is right?

143
00:05:16,210 --> 00:05:18,760
Well, that depends on what you want to do.

144
00:05:18,760 --> 00:05:21,960
Some of these have some real benefits by doing cloud-based.
145
00:05:21,960 --> 00:05:24,420
They might be more cost effective, they might be cheaper.

146
00:05:24,420 --> 00:05:26,120
You don't have to have dedicated hardware,

147
00:05:26,120 --> 00:05:28,880
dedicated local processing, dedicated local storage.

148
00:05:28,880 --> 00:05:30,280
All those things add cost

149
00:05:30,280 --> 00:05:32,290
and so you can offload all that to the cloud

150
00:05:32,290 --> 00:05:35,400
and just basically point your things to that cloud server

151
00:05:35,400 --> 00:05:37,690
and let it do all of the work for you.

152
00:05:37,690 --> 00:05:39,980
Now, why might you want to use on-premise?

153
00:05:39,980 --> 00:05:42,340
Well, maybe you're worried about the security of that data

154
00:05:42,340 --> 00:05:43,350
and you don't want that data

155
00:05:43,350 --> 00:05:45,220
being outside your corporate network.

156
00:05:45,220 --> 00:05:47,670
That would be a reason for using on-premise.

157
00:05:47,670 --> 00:05:48,650
Now, one of the big reasons

158
00:05:48,650 --> 00:05:50,210
that a lot of these security softwares

159
00:05:50,210 --> 00:05:52,400
are starting to move to cloud-based solutions

160
00:05:52,400 --> 00:05:56,110
is you can do better use of AI and machine learning.

161
00:05:56,110 --> 00:05:59,080
Why? Because AI and machine learning takes huge amounts

162
00:05:59,080 --> 00:06:01,890
of processing and huge amounts of banks of resources

163
00:06:01,890 --> 00:06:03,490
and most people don't have that

164
00:06:03,490 --> 00:06:05,370
as a part of their on-premise solution.

165
00:06:05,370 --> 00:06:07,730
So instead, by moving this all to the cloud,

166
00:06:07,730 --> 00:06:09,280
it makes it easier to integrate

167
00:06:09,280 --> 00:06:11,550
with artificial intelligence and machine learning

168
00:06:11,550 --> 00:06:14,880
to do deeper data integration and automated analysis.
169
00:06:14,880 --> 00:06:16,640
Now, if you're going to move to the cloud,

170
00:06:16,640 --> 00:06:18,150
what do you need to consider?

171
00:06:18,150 --> 00:06:20,060
Well, you need to consider any compliance

172
00:06:20,060 --> 00:06:21,790
and regulatory limitations.

173
00:06:21,790 --> 00:06:23,580
Sometimes, you're going to have limitations

174
00:06:23,580 --> 00:06:26,240
of storing data in a cloud-based security system.

175
00:06:26,240 --> 00:06:27,310
Depending on the rules,

176
00:06:27,310 --> 00:06:29,950
you may have to have an on-premise solution.

177
00:06:29,950 --> 00:06:31,180
Now, in addition to this,

178
00:06:31,180 --> 00:06:33,590
there are other issues you have to consider, as well.

179
00:06:33,590 --> 00:06:35,890
For example, if you move to a cloud-based solution

180
00:06:35,890 --> 00:06:37,530
instead of an on-premise solution,

181
00:06:37,530 --> 00:06:39,460
you may be subject to vendor lock-in.

182
00:06:39,460 --> 00:06:41,040
I've seen this with some companies.

183
00:06:41,040 --> 00:06:43,150
They've moved to something where it's based on the amount

184
00:06:43,150 --> 00:06:45,420
of terabytes that you store inside their server

185
00:06:45,420 --> 00:06:46,460
and it can start adding up

186
00:06:46,460 --> 00:06:48,990
to be really, really expensive really quickly

187
00:06:48,990 --> 00:06:51,350
and so that can now get you locked in to that vendor

188
00:06:51,350 --> 00:06:52,600
because they have all your data

189
00:06:52,600 --> 00:06:54,520
and to get out, it's going to cost you

190
00:06:54,520 --> 00:06:57,300
hundreds of thousands of dollars in bandwidth and usage fees

191
00:06:57,300 --> 00:06:59,650
to move it from this cloud to your on-premise

192
00:06:59,650 --> 00:07:01,460
or this cloud to that cloud.

193
00:07:01,460 --> 00:07:03,400
And so, you can get this vendor lock-in problem

194
00:07:03,400 --> 00:07:05,070
that can happen and it's very real.
195
00:07:05,070 --> 00:07:07,690
So, when you're designing your cloud-based infrastructure,

196
00:07:07,690 --> 00:07:10,000
always think what's going to be best for me today

197
00:07:10,000 --> 00:07:12,250
and what's going to happen down the road

198
00:07:12,250 --> 00:07:13,770
because a lot of services

199
00:07:13,770 --> 00:07:15,650
will give you a very low upfront cost,

200
00:07:15,650 --> 00:07:17,170
but then they'll get you on the backside

201
00:07:17,170 --> 00:07:19,183
when you try to move to another provider.