Amazon Web Services (AWS) and its peers in the cloud market have transformed infrastructure hosting for companies of all sizes. However, making the move to the cloud can be intimidating and overwhelming, and it may seem like more work than it’s worth. So why has AWS cloud hosting proven to be so successful?

Having the first-mover advantage played a substantial role: Amazon entered the cloud infrastructure market before its competitors. AWS kicked off the cloud revolution two decades ago.  But being first wasn’t enough—the platform’s success stems from real-world AWS benefits that help businesses to build profitable products and services. 

The following years saw the introduction of EC2, S3, RDS, and a host of other storage and compute services. Today, AWS offers over 100 services in domains as diverse as database hosting, virtual networking, cloud security, and machine learning. AWS is by far the biggest cloud platform globally, with a 33% market share, compared to Microsoft Azure’s 21% and Google Cloud’s 10%. 

We believe AWS cloud hosting could benefit your business in 5 distinct ways. Let’s take a look at each of them:

1. Reduced Infrastructure Cost with On-Demand Pricing

On-demand pricing is a significant benefit of AWS and other cloud services—you pay only for the resources you use. If you need a server, you can deploy one in minutes and only pay for the compute, storage, and network resources it consumes. AWS allows users to share the underlying hardware, reducing lead times and costs compared to bought or leased IT infrastructure.

2. Scalable Compute and Storage

In the pre-cloud era, businesses bought infrastructure to accommodate peak loads, which meant they paid for resources that were idle most of the time. In contrast, the cloud’s scalability allows businesses to scale up and down as demand changes. In a well-managed cloud environment, businesses make significant savings by not paying for idle infrastructure. 

3. Outsourced Infrastructure Management

Cloud platforms like AWS take care of the physical infrastructure and much of the virtual infrastructure. Cloud users are free to focus their IT resources where they generate the most value. Instead of monitoring and managing physical servers and their components, they can spin up virtual machines or take advantage of higher-level Platform-as-a-Service and Software-as-a-Service tools. Users don’t have to worry about the implementation details because they are outsourced to the cloud provider. 

4. A Diverse Array of Enterprise-Grade Services

The variety of enterprise-grade services AWS provides would be extremely costly for a business to build independently. For example, AWS makes it straightforward to build highly available cloud environments with redundant infrastructure distributed across availability zones, data centers, and even continents. These redundancy and availability features are baked into the platform, and they are available to all businesses, from sole traders to giant corporations. 

5. Best-in-Class AWS Security

AWS offers many services and tools to help businesses improve security and compliance. We’ve written extensively about AWS security services and best practices in previous articles, including:

In the early days of cloud computing, businesses worried that moving to the cloud would increase security risks. They thought giving up infrastructure and software control would lead to more security vulnerabilities. In fact, the opposite is the case. Most cloud security and compliance issues are the result of cloud user error and misconfiguration.

AWS provides tools and services to help improve security, but it’s up to businesses to use them correctly. Another way of putting it is that businesses and AWS share responsibility for cloud security. The dividing line between the user’s responsibility and the platform’s responsibility is not always clear, and it can be challenging for businesses without cloud expertise to make the right decisions. 

KirkpatrickPrice is here to help make sure your transition to the cloud is smooth and secure. We provide a comprehensive array of cloud security services to empower businesses to make the most of AWS while maintaining excellent security and compliance, including:

To learn more about cloud security and compliance, check out our cloud security resources or contact a KirkpatrickPrice information security specialist.

Cloud computing myths have occupied the IT world since the cloud became a viable infrastructure hosting option a decade and a half ago. Those of us who worked in IT at the time remember the many misconceptions about what the cloud was and whether it was possible to host business-critical services in the cloud while maintaining security and regulatory compliance. 

The IT industry and the cloud have evolved beyond all recognition since those early days, and few people today doubt the value and power of the cloud computing model. In 2022, 67% of enterprise infrastructure and 83% of business workloads are hosted on a cloud platform. 

Yet cloud myths persist, particularly cloud security myths, although their nature has evolved along with the cloud. In the past, cloud security myths were unduly pessimistic. Today, they are just as likely to be unduly optimistic about cloud security and compliance. 

Myth 1: Cloud Platforms Are Insecure

This is the original cloud security myth, founded on the belief that businesses can’t trust infrastructure they don’t control. However, if we look at the pattern of security incidents involving cloud platforms, it becomes clear that they are rarely caused by vulnerabilities in the platform itself. They are almost always the result of cloud users’ misconfigurations and mistakes; 70% of cloud security challenges arise from configuration errors.

Myth 2: Vendors Take Care of Cloud Security

The opposite of our first cloud security myth is the mistaken belief that the cloud is inherently secure. Believers operate under the misconception that hosting software and data in the cloud is a shortcut to improved security. In reality, all cloud providers use a shared responsibility model for security. 

The provider takes responsibility for some security aspects—the physical infrastructure at a minimum, but often other aspects depending on the service. The user is then responsible for using those services securely. For example, connecting an unencrypted AWS elastic block storage device to an EC2 instance creates a potential data leak vulnerability. Amazon provides secure encrypted block storage, but it won’t stop the user from deploying an insecure configuration. 
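The unencrypted-volume case above is something the user, not AWS, has to detect. The following is an added example (not code from the article or from AWS) that audits the output of EC2’s DescribeVolumes call for volumes whose data is stored unencrypted, ranking those that are attached to a running instance highest. The response below is constructed, and every volume, instance and key identifier in it is a placeholder.

```python
"""Added example (not from the article): find EBS volumes that are not
encrypted, working from the shape of an ec2.describe_volumes() response.
The sample response is constructed; all ids are placeholders."""

# Constructed sample in the shape of ec2.describe_volumes()["Volumes"].
SAMPLE_VOLUMES = [
    {
        "VolumeId": "vol-0aaaaaaaaaaaaaaa1",            # placeholder id
        "Encrypted": True,
        "KmsKeyId": "arn:aws:kms:REGION:ACCOUNT:key/PLACEHOLDER",
        "State": "in-use",
        "Attachments": [{"InstanceId": "i-0bbbbbbbbbbbbbbb1", "Device": "/dev/xvda"}],
        "Tags": [{"Key": "Name", "Value": "web-root"}],
    },
    {
        "VolumeId": "vol-0aaaaaaaaaaaaaaa2",
        "Encrypted": False,                             # the misconfiguration
        "State": "in-use",
        "Attachments": [{"InstanceId": "i-0bbbbbbbbbbbbbbb1", "Device": "/dev/sdf"}],
        "Tags": [{"Key": "Name", "Value": "customer-data"}],
    },
    {
        "VolumeId": "vol-0aaaaaaaaaaaaaaa3",
        "Encrypted": False,
        "State": "available",                           # unattached: lower urgency
        "Attachments": [],
        "Tags": [],
    },
]


def tag_value(resource, key, default=""):
    """Return the value of tag `key` on an EC2 resource dict, or `default`."""
    for tag in resource.get("Tags", []):
        if tag.get("Key") == key:
            return tag.get("Value", default)
    return default


def find_unencrypted_volumes(volumes):
    """Return one finding per volume that is not encrypted.

    A volume mounted on an instance is the case the article describes, so it
    is rated higher than an unattached one.
    """
    findings = []
    for vol in volumes:
        if vol.get("Encrypted", False):
            continue
        attached_to = [a["InstanceId"] for a in vol.get("Attachments", [])]
        findings.append({
            "volume_id": vol["VolumeId"],
            "name": tag_value(vol, "Name"),
            "attached": bool(attached_to),
            "instances": attached_to,
            "severity": "high" if attached_to else "medium",
        })
    return findings


def summarize(findings):
    """One report line per finding, attached volumes first."""
    ordered = sorted(findings, key=lambda f: (not f["attached"], f["volume_id"]))
    lines = []
    for f in ordered:
        where = f"attached to {', '.join(f['instances'])}" if f["attached"] else "unattached"
        lines.append(f"[{f['severity'].upper()}] {f['volume_id']} ({f['name'] or 'unnamed'}) {where}")
    return lines


if __name__ == "__main__":
    for line in summarize(find_unencrypted_volumes(SAMPLE_VOLUMES)):
        print(line)
```

On a real account the same list comes from `aws ec2 describe-volumes --filters Name=encrypted,Values=false`, and the recurring cause can be removed at the source by turning on EBS encryption by default for the region (`aws ec2 enable-ebs-encryption-by-default`), after which new volumes are encrypted unless someone deliberately opts out.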

Cloud users must understand which security aspects they are responsible for and how to configure their cloud environment to meet security and compliance requirements. If you’re worried that your business has cloud misconfigurations, consider a cloud security configuration assessment. 

Myth 3: Compliant Services Guarantee Regulatory Compliance

Many cloud providers advertise that their services are compliant with information security regulations. For example, Amazon’s S3 storage service is certified compliant with SOC, PCI DSS, HIPAA, and other regulatory standards. But what does that mean? Most importantly, it doesn’t mean that an S3-based data storage system automatically complies with those standards. 

This is something cloud vendors go to some lengths to communicate. For example, Amazon’s PCI DSS compliance documentation states that “AWS establishes itself as a PCI DSS Service Provider to enable, upon further configuration, the compliance of our customers.” The “upon further configuration” part is critical. S3’s PCI compliance means it can be used as part of a PCI-compliant system, but it needs to be configured correctly to do so. A simple configuration error may render any system built on S3 non-compliant, and it’s the user’s responsibility to make sure that doesn’t happen.

Myth 4: Bad Actors Don’t Target the Cloud

It might be tempting to think that moving to a cloud platform will solve your business’s security problems. You’re at the end of your tether with the constant bombardment of malware, ransomware, phishing attacks, and bad bots. You want a secure infrastructure solution that is immune to the attention of cybercriminals. But the cloud can’t give you what you are looking for. Many of the biggest security breaches and data leaks of the last few years happened on the cloud. 

Criminals go where the data is, and they have become skilled at exploiting cloud vulnerabilities. As we established earlier in this article, most of those vulnerabilities are caused by cloud user mistakes. Does that mean cloud platforms can’t help you solve your security and compliance issues? In fact, they can, but you may need the help of an experienced cloud expert. 

Myth 5: You Don’t Need A Cloud Security Audit

A cloud security audit based on the Center for Information Security Benchmarks will help your business avoid the security and compliance risks we’ve highlighted in this article. Experienced information security experts will examine your AWS, Microsoft Azure, or Google Cloud Platform environment for configuration mistakes, security vulnerabilities, and data breach risks. An audit ensures you have the information to operate a secure and compliant cloud environment. To learn more, contact a cloud security specialist at KirkpatrickPrice today.

AWS Network Firewall is a flexible managed firewall and intrusion detection service. It allows AWS users to control network access to resources within an AWS Virtual Private Cloud (VPC). We explored AWS Network Firewall and how it complements other AWS firewalls in What is AWS Network Firewall? In this article, we’ll dig a little deeper and show you how to deploy an AWS Network Firewall instance within a VPC hosted on your AWS cloud environment. 

At a high level, the process for deploying AWS Network Firewall involves the following four steps:

  1. Create rule groups with networking filtering rules.
  2. Create a firewall policy that includes your rule groups.
  3. Create a firewall that uses your firewall policy. 
  4. Configure VPC route tables so the firewall endpoint can process traffic as it moves between an internet gateway and subnets within your VPC. 

The details of Step 4 differ depending on how your VPC is configured, so we’ll focus on the first three steps here. 

AWS Network Firewall is a highly configurable service, and secure configuration depends on factors unique to your environment, including how your VPC, subnets, and gateways are configured. This article should not be taken as a guide to setting up a secure firewall for your AWS infrastructure. 

AWS Network Firewall Prerequisites

To follow the steps outlined here, you will need an AWS VPC with the following characteristics:

  • At least two subnets, one of which will be used only for the AWS Network Firewall. 
  • An Internet Gateway with routing configured to send incoming traffic to the other subnet, which should be configured to send outgoing traffic through the gateway. 

The firewall subnet must have at least one available IP address. Amazon calls this configuration a simple single zone architecture with an internet gateway.

Configure Firewall Security Rules 

Protecting Your AWS Cloud Infrastructure with AWS Network Firewall

The first step is to create firewall rule groups to contain your traffic filtering rules. For example, you might want to block incoming SSH traffic to your subnet. To do so, you would create a rule telling the firewall to drop SSH connections.

  1. Open the AWS VPC console and select Network Firewall Rule Groups from the Network Firewall section of the sidebar menu. 
  2. Click the Create Network Firewall rule group button and give the group a name. 
  3. In the Capacity field, enter a number that represents the number of rules you expect to add to this group. If you’re experimenting, 10 should be sufficient, but be aware that you cannot change this number if you want to add more rules later. 
  4. Choose whether to create a stateless or stateful rule group. 
  5. Scroll down to the Add Rule section and enter the new rule’s protocol, name, and source and destination IP and port. 
  6. Choose whether packets matching the rule are dropped or passed. 
  7. Click the Add Rule button. 
  8. Add additional rules as required, and then click Create Stateful/Stateless Rule Group at the bottom of the page. 

Learn more about how to create security rules from Amazon’s documentation. 

Create a Firewall Policy

Now that you have created a rule, you can add it to a Firewall Policy. 

  1. Select Firewall Policies from the Network Firewall section of the VPC console. 
  2. Click the Create firewall policy button. 
  3. Enter a name and optional description before clicking Next. 
  4. Scroll down to the Stateless rule group or Stateful rule group forms. 
  5. Click the Add Rules Groups button, then Add my own stateful/stateless rule groups. 
  6. Choose the rule group you created in the previous step. 
  7. Click through the subsequent dialogs and then click Create firewall policy on the Review and create page. 

Learn more about firewall policies from Firewall policies in AWS Network Firewall.

Deploy AWS Firewall on Your Virtual Private Cloud

The next step is to create a firewall that uses the firewall policy created in the previous step. Once the firewall is configured, it will be deployed into the firewall subnet of the VPC. 

  1. Select Firewalls from the Network Firewall section of the VPC console. 
  2. Click the Create Firewall button. 
  3. Give the firewall a name and choose your VPC from the drop-down menu. 
  4. Select the availability zone that contains your firewall subnet and then the subnet itself. 
  5. In the Associated firewall policy section, choose Associate an existing firewall policy and then choose the policy created in the previous section from the dropdown. 
  6. At the bottom of the page, click Create Firewall. 

AWS will now deploy your firewall into the chosen subnet. However, the firewall does not automatically begin filtering content. To use the firewall, you must configure the VPC’s routing tables so that incoming and outgoing traffic is sent through the firewall’s endpoints. The specifics depend on how your VPC and subnets are configured, but you can learn more about VPC routing tables in Managing route tables for your VPC. 
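The three console sections above (rule group, firewall policy, firewall) map one-to-one onto three API calls, and scripting them makes the configuration reviewable and repeatable. The following is an added example, not code from the article or from AWS: it builds the request bodies that boto3’s `network-firewall` client (`create_rule_group`, `create_firewall_policy`, `create_firewall`) or `aws network-firewall ... --cli-input-json` accept, for the article’s own scenario of dropping inbound SSH to a protected subnet. Nothing is sent to AWS; the VPC id, subnet id, ARNs and the `10.0.1.0/24` CIDR are placeholders. The capacity check applies the documented rule that a stateless rule consumes the product of the number of values in each match dimension, while a stateful 5-tuple rule consumes one unit.

```python
"""Added example (not from the article): the rule group, policy and firewall
from the walk-through as API request bodies, built and checked locally.
All ids and ARNs are placeholders; nothing here calls AWS."""
import json


def stateful_drop_rule(sid, destination, dest_port, protocol="TCP"):
    """5-tuple stateful rule that drops flows to dest_port (22 for SSH)."""
    return {
        "Action": "DROP",
        "Header": {"Protocol": protocol, "Source": "ANY", "SourcePort": "ANY",
                   "Direction": "FORWARD", "Destination": destination,
                   "DestinationPort": str(dest_port)},
        "RuleOptions": [{"Keyword": f"sid:{sid}"}],   # every stateful rule needs a sid
    }


def stateless_drop_rule(priority, sources, destinations, dest_ports, protocols):
    """Stateless rule; protocols are IANA numbers (6 = TCP)."""
    return {
        "Priority": priority,
        "RuleDefinition": {
            "MatchAttributes": {
                "Sources": [{"AddressDefinition": s} for s in sources],
                "Destinations": [{"AddressDefinition": d} for d in destinations],
                "DestinationPorts": [{"FromPort": p, "ToPort": p} for p in dest_ports],
                "Protocols": list(protocols)},
            "Actions": ["aws:drop"]},
    }


def stateless_rule_capacity(rule):
    """Units a stateless rule consumes: product of the value counts of each
    match dimension, an unset dimension counting as 1."""
    attrs = rule["RuleDefinition"]["MatchAttributes"]
    total = 1
    for dim in ("Sources", "Destinations", "SourcePorts", "DestinationPorts", "Protocols"):
        total *= max(1, len(attrs.get(dim, [])))
    return total


def rule_group_request(name, rule_type, rules, capacity):
    """Body for create_rule_group. Fails early when the declared capacity is
    too small, because capacity cannot be raised after creation."""
    if rule_type == "STATEFUL":
        needed, source = len(rules), {"StatefulRules": rules}
    elif rule_type == "STATELESS":
        needed = sum(stateless_rule_capacity(r) for r in rules)
        source = {"StatelessRulesAndCustomActions": {"StatelessRules": rules}}
    else:
        raise ValueError("rule_type must be STATEFUL or STATELESS")
    if needed > capacity:
        raise ValueError(f"{name}: rules need {needed} units, only {capacity} declared")
    return {"RuleGroupName": name, "Type": rule_type, "Capacity": capacity,
            "RuleGroup": {"RulesSource": source}}


def firewall_policy_request(name, stateful_group_arns, stateless_group_arns=()):
    """Body for create_firewall_policy. Packets no stateless rule decides on are
    forwarded to the stateful engine, so the stateful drop rules see them."""
    return {
        "FirewallPolicyName": name,
        "FirewallPolicy": {
            "StatelessDefaultActions": ["aws:forward_to_sfe"],
            "StatelessFragmentDefaultActions": ["aws:forward_to_sfe"],
            "StatelessRuleGroupReferences": [{"ResourceArn": a, "Priority": i + 1}
                                             for i, a in enumerate(stateless_group_arns)],
            "StatefulRuleGroupReferences": [{"ResourceArn": a} for a in stateful_group_arns]},
    }


def firewall_request(name, policy_arn, vpc_id, firewall_subnet_ids):
    """Body for create_firewall: one endpoint per firewall subnet, with the
    protection flags set so the firewall is not deleted or re-pointed by accident."""
    return {"FirewallName": name, "FirewallPolicyArn": policy_arn, "VpcId": vpc_id,
            "SubnetMappings": [{"SubnetId": s} for s in firewall_subnet_ids],
            "DeleteProtection": True, "SubnetChangeProtection": True,
            "FirewallPolicyChangeProtection": True}


def build_deployment(protected_cidr="10.0.1.0/24"):
    """The article's scenario: drop inbound SSH to the protected subnet."""
    group = rule_group_request("drop-inbound-ssh", "STATEFUL",
                               [stateful_drop_rule(1, protected_cidr, 22)], capacity=10)
    # In practice these ARNs come back from the create_* calls; placeholders here.
    group_arn = "arn:aws:network-firewall:REGION:ACCOUNT:stateful-rulegroup/drop-inbound-ssh"
    policy = firewall_policy_request("example-policy", [group_arn])
    policy_arn = "arn:aws:network-firewall:REGION:ACCOUNT:firewall-policy/example-policy"
    firewall = firewall_request("example-firewall", policy_arn,
                                "vpc-PLACEHOLDER", ["subnet-FIREWALL-PLACEHOLDER"])
    return {"rule_group": group, "policy": policy, "firewall": firewall}


if __name__ == "__main__":
    print(json.dumps(build_deployment(), indent=2))
```

The firewall still does nothing until the route tables are changed, exactly as the paragraph above says; keeping the three bodies in version control at least means the rule set that the routing change exposes is the one that was reviewed.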

Cloud Security and Compliance with KirkpatrickPrice

KirkpatrickPrice can help your business to secure its cloud infrastructure. Our cloud security audits and remote cloud security configuration assessments ensure your AWS infrastructure is configured for optimal security and compliance. To learn more, contact a cloud security and compliance specialist or visit our cloud security resources.

Have you considered moving your business’s data center to the cloud? The proportion of businesses operating an in-house data center declined over the last decade. Many—from small companies to multinational corporations—migrated their workloads to the cloud. Estimates suggest that about a third of businesses run more than 50% of their workloads in the cloud, and the majority run at least some workloads on cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or their competitors.

Within this article, we will explore why businesses migrate their data center to the cloud and how it may be the right decision for your business’s long-term technology strategy.

Data Centers vs. The Cloud

Before cloud computing, there were several options for hosting technology infrastructure. A large company might invest in building, equipping, and staffing a data center. Smaller companies may instead use an on-site server room or server cupboard. Alternatively, businesses could buy server hardware and colocate it in a data center managed by a third party.

Over the years, many different data center hosting models developed. Still, they were similar in one way: the user paid for and managed physical infrastructure housed in a data center facility.

In contrast, “cloud” is a broad term for compute, storage, and software services that do not require users to manage or interact with physical hardware, which is managed by the vendor and resides in their data centers. 

Cloud services are typically divided into three main categories:

  • Infrastructure as a Service (IaaS) provides virtual servers, networks, and other infrastructure on which users can host their software.
  • Platform as a Service (PaaS) provides higher-level services for hosting websites and applications. PaaS platforms simplify IT management by combining compute, storage, networking, and related software services into a single platform.
  • Software as a Service (SaaS) provides software hosted on the operator’s infrastructure and accessed by the user over the internet.

Today, there are many additional “X as a Service” cloud modalities that reflect the diversity of products offered via the cloud model, such as Database as a Service, Disaster Recovery as a Service, and Desktop as a Service.

Cloud Migration Benefits

We’ve discussed the differences between cloud and non-cloud infrastructure hosting, but why have so many businesses chosen to migrate their data center to a cloud platform? Let’s explore five benefits that make the cloud an attractive proposition.

Scalability and Elasticity

Scaling is among the most challenging aspects of managing a data center. Infrastructure requirements change over time, but they rarely grow smoothly and predictably, often fluctuating by season or time of day. Traffic spikes may demand resources many times the average, and your data center must cope. That means investing in servers and network infrastructure that will be idle for most of its life.

In contrast, cloud infrastructure scales with demand. A cloud platform’s virtual infrastructure is built on a large pool of computational resources—the physical infrastructure the platform vendor is responsible for. Cloud users can take advantage of as much or as little of that pool as they need. Instead of researching, buying, configuring, and maintaining physical servers in their data center, a cloud user simply deploys more virtual resources—a process that can be automated.

Elasticity is a consequence of the cloud’s ability to scale quickly. An elastic infrastructure deployment can grow or shrink in line with user demand. There’s no need to deploy idle infrastructure in anticipation of traffic spikes. Businesses can instead adjust cloud deployments to match current requirements.

Reduced IT Costs

We have already hinted at one way migrating to the cloud reduces IT costs. The cloud’s scalability allows businesses to adjust deployed resources to match demand. Unlike a physical data center, cloud platforms operate with on-demand pricing: users pay for the resources they consume after they are used. In contrast, data centers require significant upfront investments based on uncertain predictions about future resource requirements.

Other ways migrating to the cloud can reduce IT spending include:

  • Lower staffing requirements for equipment maintenance.
  • Reduced real estate spending compared to owned data centers.
  • Reduction of capital expenses and the transfer of IT capital expenditure to operational budgets.
  • Economies of scale through sharing physical hardware with multiple users.

Although cost savings are a benefit of cloud platforms, it should be pointed out that businesses may fail to save money in the cloud. If cloud environments are improperly managed and monitored, companies may pay far more than anticipated. This is particularly true for businesses that lack experience in managing cloud infrastructure.

Enhanced Business Agility

Extended lead times are expected when deploying hardware in a self-managed or colocated data center. It’s not unusual for lead times to stretch to months when research, acquisition, shipping, deployment, and configuration are accounted for.

Cloud platforms, in contrast, allow businesses to deploy new infrastructure in minutes, as we’ve already mentioned. But building on that advantage is the ability to automate cloud deployment and configuration. The programmability of cloud platforms empowers businesses to build continuous integration and deployment pipelines that allow developers to iterate on code and push new features into production with minimal delay.

Reduced Infrastructure Management Burden

While every company needs IT infrastructure, it rarely makes sense for businesses to own and manage a data center. Managing data centers, servers, and networks is complex, expensive, and time-consuming. But it is not in itself a revenue-generating activity. Migrating to a cloud platform allows companies to focus on the applications and services that support their operations while leveraging a cloud vendor’s greater data center resources, expertise, and experience.

Improved Security and Compliance

Migrating to the cloud outsources some security issues to the cloud vendor. For example, when you deploy a virtual server on EC2—AWS’s IaaS service—you don’t have to worry about securing the underlying physical servers and networks. Amazon takes care of it. Additionally, all the major cloud platforms offer world-class security tools and services, such as firewalls, network monitoring and alerting, encryption, secret management, and more.

Cloud platforms can also help businesses comply with information security and privacy regulations. AWS, Microsoft Azure, GCP, and other cloud vendors implement compliance programs that support compliant infrastructure environments.

However, cloud vendors operate a shared responsibility model. The vendor has some security and compliance responsibilities, but so does the user. As we’ve previously written, many of the most common cloud security vulnerabilities result from user error and misconfiguration.

Continuing the EC2 example above, AWS protects the hardware a virtual server runs on, but it does nothing to stop a user from installing insecure software or running SSH with the root user’s password set to “pa55word.” Consequently, although EC2 can be HIPAA-compliant, that doesn’t prevent users from making mistakes that result in HIPAA breaches.
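The root-password case is a host-level setting that sits entirely on the user’s side of the shared responsibility line, and it is cheap to check. The following is an added example, not code from the article: it reads an `sshd_config` the way sshd resolves it (comments stripped, first occurrence of a keyword wins, conditional `Match` blocks ignored) and flags the settings that let a guessable root password be used over SSH. The config text is constructed; on a real host the input would be `/etc/ssh/sshd_config`, or the output of `sshd -T` for the effective settings. The defaults table follows OpenSSH 7.0 and later.

```python
"""Added example (not from the article): flag sshd_config settings that allow
password-based root login. The config text is constructed."""

SAMPLE_SSHD_CONFIG = """\
# constructed sample, not from a real host
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication no
"""

HARDENED_SSHD_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
"""

# keyword -> (acceptable values, what the weak setting allows)
CHECKS = {
    "permitrootlogin": ({"no", "prohibit-password", "without-password"},
                        "root can log in directly with a password"),
    "passwordauthentication": ({"no"},
                               "password logins, so credentials can be guessed"),
    "pubkeyauthentication": ({"yes"}, "key-based login is disabled"),
}

# OpenSSH's defaults when a keyword is absent (OpenSSH 7.0 and later)
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes",
            "pubkeyauthentication": "yes"}


def parse_global_settings(text):
    """Effective global keyword values: comments stripped, keywords lower-cased,
    first occurrence wins (as sshd resolves them), and everything from the first
    Match block onward skipped because it applies only conditionally."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        settings.setdefault(key, value)
    return settings


def audit_sshd(text):
    """Return one finding string per weak setting; empty when the file is sound."""
    settings = parse_global_settings(text)
    findings = []
    for key, (acceptable, problem) in CHECKS.items():
        value = settings.get(key, DEFAULTS[key])
        if value not in acceptable:
            findings.append(f"{key}={value}: {problem}")
    return findings


if __name__ == "__main__":
    for finding in audit_sshd(SAMPLE_SSHD_CONFIG) or ["no weak settings found"]:
        print(finding)
```

Note that the commented-out `#PermitRootLogin prohibit-password` line is ignored and the `Match User backup` override does not mask the global `PasswordAuthentication yes`, which is the kind of detail a by-eye review tends to get wrong.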

KirkpatrickPrice Helps Companies Stay Secure and Compliant in the Cloud

KirkpatrickPrice is a licensed CPA firm specializing in information and cloud security. Our cloud security audits and compliance audits help businesses verify and demonstrate their security and compliance. To learn more, contact a cloud security and compliance specialist or visit our cloud security resources.

Cloud platforms are popular, but they aren’t yet ubiquitous. Six out of ten businesses have conducted a cloud migration, but that implies four out of ten haven’t. If your business hasn’t made the leap to cloud infrastructure, you may be wondering what all the fuss is about. In this article, we explore five reasons you may want to reconsider moving some of your workloads to a cloud platform like AWS or Microsoft Azure.

What is Cloud Migration?

Cloud migration is the process of moving data, applications, and computational workloads into the cloud. Because the cloud takes many forms, cloud migration takes many forms too. The classic cloud migration involves moving an application hosted on a physical server to a virtual server hosted in the cloud. But cloud migration may also involve breaking an application into components distributed across multiple cloud services, including database services, storage services, and Platform-as-a-Service (PaaS).

A business may also choose to migrate only part of an application or workload. For example, they may migrate data storage to a cloud platform while hosting the application’s code in their data center. Or they may use on-premises infrastructure as a primary site while leveraging the cloud as a disaster recovery or “cloudburst” location. The combination of on-premises hosting with cloud hosting is often called a hybrid cloud environment. 

Three Cloud Migration Strategies

As we’ve seen, cloud migration isn’t a simple matter, but application cloud migration strategies can be broken down into three broad categories. 

Lift and Shift

Lift-and-shift, also known as rehosting, is the simplest cloud migration strategy. An application is transferred in its current form from on-premises servers to virtual servers running in the cloud. Lift-and-shift migrations involve minimal changes to the application because Infrastructure-as-a-Service platforms such as AWS EC2 or Azure Virtual Machine provide server environments that are essentially identical to physical servers from the application’s perspective. 

Lift-and-shift migrations are faster, simpler, and less expensive than other types of migration. However, they may not take full advantage of the cloud platform’s capabilities. Additionally, businesses should consider the security and compliance implications of even a simple rehosting project. Virtual servers appear similar to physical servers, but moving to an unfamiliar cloud environment may introduce security and privacy risks that a business is not well-equipped to predict or mitigate. 

Rearchitect

Rearchitecting transforms an application’s design to take advantage of cloud platform features. A monolithic application might be rearchitected as microservices hosted on containers. Or the application might be modified to work with a managed database platform instead of a self-hosted database. 

The extent and complexity of rearchitecting projects depend on the business’s objectives and often on cost considerations, but all rearchitecting projects must pay careful attention to the security and privacy implications of any changes. 

Rebuild/Replace

In the most radical cloud migrations, an application is rebuilt or replaced in its entirety. Instead of moving code and data to the cloud, similar functionality tailored for the cloud is built from the ground up. Businesses may take this route to leave behind a legacy application judged unsuitable for the cloud or to embrace new technologies and platforms. Rebuilding provides a cloud-native application, but it is the most complex and expensive cloud migration option.

5 Benefits of Cloud Migration

We’ve looked at what cloud migration is and the migration strategies businesses use to achieve their objectives, but why do they choose to migrate to the cloud in the first place?

Improved Infrastructure Security and Compliance

Cloud migration alleviates businesses’ need to manage some aspects of infrastructure security. For example, the cloud provider manages physical and some network security. It also provides tooling that helps businesses to monitor and secure their infrastructure. 

However, it’s important to emphasize that cloud security is a shared concern. Although the provider is responsible for some aspects of infrastructure security, the user must ensure they configure and manage cloud services according to cloud security best practices. A significant percentage of cloud security incidents result from improper configuration, as we’ve discussed in previous articles.

Reduced Infrastructure Cost

Cloud platforms can be less expensive than on-premises or colocated infrastructure if managed correctly. Cloud environments grow and shrink in line with the user’s requirements. For example, AWS EC2 instances scale up and down, and businesses can choose from many different configurations depending on their need. Additionally, cloud infrastructure does not require significant up-front investment; users pay only for the infrastructure they use, as they use it. 

As with the security benefits of cloud migration, businesses must follow cloud best practices to realize potential cost savings. Cloud users may spend more than they expect if they do not monitor and control their environment to avoid wasted resources. 

Enhanced Scalability

Scaling on-premises infrastructure is often complex and expensive. Scaling in the cloud is more straightforward. As we have already mentioned, most cloud services grow and shrink in line with the users’ needs. For example, cloud block storage services provide an almost infinite amount of data storage, and businesses don’t have to manage physical storage devices. 

Scalability is one reason businesses opt to rearchitect applications when migrating. Breaking an app into smaller services allows each component to be scaled and replicated independently, which may not be possible with a monolithic application. 

Increased Business Agility

The flexibility of cloud platforms allows businesses to respond to evolving customer and market demands. They can deploy and scale infrastructure quickly. Larger cloud platforms provide an array of managed services that make it easier to deploy new features. Furthermore, cloud platforms encourage a DevOps approach to application development, allowing businesses to quickly develop and deploy new features. 

Simplified IT Management

Cloud infrastructure can be managed in a web interface or scripted via an API. Modern cloud management interfaces provide a vast array of features that allow businesses to monitor, configure, and adapt every aspect of their environment. 

As with the other benefits we’ve looked at here, there are potential drawbacks where cloud management is concerned. Cloud management is simpler if your business is familiar with the platform and its intricacies. If not, cloud management can be confusing, and, in the worst cases, a lack of expertise leads to cost, security, and compliance issues. 

Verify Your Cloud Migration Security with KirkpatrickPrice

Cloud migration may create significant new security and compliance risks, especially for businesses unfamiliar with the platform. A cloud security audit verifies and tests the controls your company has in place on AWS, Azure, or GCP. Visit the KirkpatrickPrice AWS Security Scanner or contact a cloud security specialist to learn more about cloud security audits.