Why Cloud Computing can be a pain or a big risk depending on the use case (money, ownership, and more). Self-Hosting and Cloud need to work together.
Countries & Laws
What's the company that you use? I'll tell you if you're under CLOUD Act (USA) or another problem.
I'm not anti-GAFA or anti-USA. Sometimes, we need to avoid potential risk and the most important is CLOUD Act.
A lot of companies and persons use AWS, Azure, GCP but sometimes, it's the major security risk.
Are you doing critical information or computation for your company? Is it your major product?
CLOUD Act: Clarifying Lawful Overseas Use of Data Act
United States federal law enacted in 2018 - H.R. 4943
It's the weapon to obtain remote data through service providers through SCA warrants, as the SCA was written before cloud computing was a viable technology.
SCA: Stored Communications Act: 1986
CLOUD Act: 2018
U.S. data and communication companies must provide stored data for a customer or subscriber on any server they own and operate when requested by warrant.
They can refuse or challenge but countries can be with bi-lateral agreements. In that case, requested data related to its citizens are provided in a streamlined manner.
But a lot of companies are processing without challenge also in case that it's easy to do it.
Other things… National/Industrial Security manner
It's not the CLOUD Act, in the USA, NSA is the most important agency that can analyze data from US companies, and what about Cloud Provider.
We know about NSA backdoor in routers and others… It's still a risk that they can audit VM.
For example, in France, Renater's network is very inspected because it's used by many universities, research centers & co.
Business is Business
GitHub is the first place to push our open source stuff but is it the right solution for absolutely all source code?
If you're not paying for the product, you are the product - Television Delivers People (1973)
Remember that if you're not paying for a service or product that it's important (or vital) for you, you're the product because your data are monetizable.
I use GitHub, GitLab, Bitbucket but finally, my first place to work is still my server.
I worked in a French company and they used GitHub Enterprise Cloud for every repository and without an internal copy. It was very stupid because all the core business was in GitHub's datacenters but mostly in case of connectivity failure (example: cut of optical fiber).
You need to do what's the impact of connectivity failure to your Git or other tools that you use to work like Salesforce or others. You can be surprised.
Cloud
What's Cloud?
Cloud (noun): label marketing for virtualization
I'm not kidding, Cloud is virtualization and containerization with the big bullshit for scaling because you can do it yourself in your datacenters.
Budget = pay more than before and more about ownership
With all the marketing about you can reduce your costs, you're on another way, more expensive than before.
You pay your instance, services based on usage (running time, storage) but the most expensive is … network !
All network traffic from the internet to your instance/services is free of charge because it's not costly for network operators but all the out (from your instance/services) to the internet, you pay it!
Do you backup your cloud database to another data center or doing a dump to dev locally, welcome, you pay the network used for it. Yes, you pay for all the outgoing traffic.
Do you backup your storage in the USA to Ireland, welcome, you pay it too. It's not a joke but a reality.
Do you see the dark face of the cloud? Welcome, you're locked inside your provider, and if you want to leave, you'll pay all the network used to extract your data !
Ownership? You're locked in. If you built a startup integrally in the cloud, you need to analyze migration cost about traffic because you can have a lot depending of:
- file and object storage
- database dump
- software code: the dream of serverless
Cloud Provider SDK = vendor lock-in
Are you using serverless (lambda, speech to text & co)?
Do you use the SDK from your provider?
Welcome in vendor lock-in (Cloud version) because you can't migrate easily.
For example, you use a lot of lambdas and your cloud provider provides a good SDK for his serverless solution, you use it to have a gain of time.
In reality, you're losing portability, ownership and finally, you'll pay it a lot:
- developers need to work more to adapt the code (removing the SDK)
- time because you have unavailable developers to work on fixes & more
- your mind because you're paying right now what you think to be a good choice
Where is Availability?
Do you think that your cloud provider will do the principle of Availability?
Are you using only one provider? It's a SPOF!
You need to work with multiple cloud providers because, at this time, cloud providers don't offer the availability to do all needed migration about your instance and other services that you use to another zone.
When you worked with different data centers, you did availability with replication between each data center.
With AWS and others, you miss this principle so basic and vital and also about backup because you think that your cloud provider does it for you. It's false! Stop dreaming and be conscient that you need to do it yourself excepted if you find a very premium cloud provider and in that case, don't be surprised about the cost.
Conclusion
It's time to stop right there otherwise, I'll write a lot of things and I'll lose you.
The actual schema about Cloud is just to forget and very quickly before the point of no return.
Where are your data? Are you doing backup? What's the real cost of each backup?
The same thing happens with your drive, it's why I've my files/objects storage. I know where are my data, who can access it and I have a fixed cost.
I use CloudFlare and I like this cloud service.
What's the most important risk in the actual schema? Not just money. We're losing ownership! - sycured
Don't be a fool and think about what you're doing with your data.