Hi, folks. Ed Amoruso here.
In this video, I want to talk to you about the shift from
a perimeter protected enterprise to something we refer to as a Hybrid Cloud.
Now, this is awesome stuff.
If you're a computer scientist then you're experiencing
a change here and the way we do computing, that's really exciting.
And to do cybersecurity, you have to understand this.
So let's kind of go through some of the elements of this shift to a Hybrid Cloud.
Now first off, the reason we're moving as a globe from
sort of these enterprise perimeter protected networks to
a whole collage of different cloud networks kind of orchestrated together,
the reason for that is not security.
I wish it was. As a security expert,
I wish I could tell you that, hey,
we're running around telling everybody the perimeter doesn't work and as a result,
the world moved to these hybrid clouds.
If only. That's not the thing that's driving it.
Instead, there's a thing,
a handful of things that are driving it that are pretty exciting.
Number one is that it's way less expensive to run services in cloud architectures,
in public cloud, as a service type things that you
see with Microsoft Office 365 for example.
It's a wonderful service.
It's out in the cloud.
It's cheap, lowers cost,
lowers capital requirements for keeping servers in your enterprise.
So cost is certainly one reason
businesses and governments like to move to a hybrid cloud.
By the way, when I say hybrid cloud,
I mean that it's a combination of the enterprise plus these public clouds.
Eventually, when the whole thing is done,
then it's not hybrid anymore,
then it's just pure public cloud which is where I think everything's headed.
So you go from private enterprise to a transitional model,
we have hybrid, combination of private and public,
to eventually fully public.
That's the progression we're seeing and I said cost is one of the main drivers.
The second is mobility.
The idea that people want to be using
mobile devices to access their data plus as human beings,
we want to be more mobile.
We want to be able to go to Starbucks or go to the airport or work from home or
be with our children and do whatever we need to
do rather than sort of being pinned to a desk.
Doesn't mean that's the situation you have at work necessarily.
I'm just saying as human beings, we desire that.
So the idea is that rather than being pinned to a desk where I'm sitting
on a local area network and I can only hit an application that's on that LAN,
it's way cooler if I have my mobile and whether I'm
at my desk or at a soccer game or at the airport,
I can hit my data in the same manner.
That public cloud supports that.
So cost and mobility are two drivers.
The third is just flexibility.
The idea that if I want to be using one type of service and then I don't like it,
I can switch on my accounts to a different type of service.
I don't have to change out capital.
I don't have to touch my data centers.
I don't have to buy new equipment. I just move.
It gives you so many different options as an I.T.
manager, makes things more flexible.
So all of these things are driving this progression to cloud,
to a hybrid situation, eventually, public.
So security people have had a couple of different opinions about this.
That compliance folks, first off,
have tended to not like this progression.
It tended to say, "Ah, you know,
you're moving from things I understand in
my enterprise to some cloud I don't understand."
And they've tended to give bad grades to groups that have been
early adopters of public cloud simply
because it's moving to something that's a little more unknown.
I think that's easy to change.
Cloud service providers need to be more transparent. They are.
And I think over time more and more businesses will be very
comfortable with the idea of moving their data,
their operations, their services to a cloud infrastructure.
And I think that every small business has already done that.
So the idea of compliance teams being uncomfortable,
that's been a problem.
I think it's getting better,
but there's a second issue that I think is reasonable and that's the transition risk.
Any time you're moving applications or systems from one thing to another,
even if you're moving from a bad situation to way better situation,
just the fact that you're changing and transitioning and
moving, computing, introduces risk.
It can introduce problems.
And problems or risk are where hackers go in and they take advantage and they exploit.
So if you're in the midst of, for example,
moving an application from here to some other place,
and you want to make sure that it really works,
you might turn all the security off just to make sure it functionally works,
and then you add the security later.
If you do that, you expose yourself to risk, that's transitional risk.
It's an example of the kind of thing you have to be very
careful about as you're moving to hybrid cloud.
But look, the bottom line here is that this is all really exciting.
It's happening as we speak.
It's impossible to study cybersecurity and understand cybersecurity without
recognizing this backdrop that we're moving from
situations that I grew up with for 20, 30 years.
We had all of your computing in a data center and in
a building and in a company hidden off from
everybody else to a new model where I've
split these things where I have some things in the enterprise,
some not, hybrid cloud,
to eventually a model where there really is no more enterprise.
Everything becomes virtual and distributed and embedded in cloud.
This is what's driving our industry.
This has to be in your mind as you're studying cyber and in subsequent videos,
we're going to look at some really cool techniques,
architectural and technology based techniques for advancing
cybersecurity requirements and interests in a hybrid and eventually public cloud.
So I hope this gives you a little bit of a base understanding of the transition,
and why this is something that's so important for cyber. We'll see in the next video.
Dr. Edward G. AmorosoResearch Professor, NYU and CEO, TAG Cyber LLC
