Cloud computing platforms have exploded in popularity in the last 15 years thanks to the scalability, flexibility and cost efficiencies they can bring. First to the party in 2002 was Amazon, when the first iteration of Amazon Web Services (AWS) was launched. Since then, multiple other vendors have jumped on the Infrastructure as a Service (IaaS) bandwagon, including tech heavyweights Google and Microsoft, but AWS remains at the front of the pack with more than 30 percent of the market (for context, its biggest competitor, Microsoft Azure, commands just under 15 percent of the market).
Much of AWS’s lure is the number of services it offers, although it is most renowned for cloud-based storage and virtual servers, as well as its global availability. While there are multiple options available to organisations when it comes to cloud storage, the most common and popular is Amazon S3, which comes with transparent pricing and the ability to shift up and down as required. Thanks to this, organisations are offered a huge amount of flexibility without having to commit to a certain amount of space which, in theory, makes it more cost efficient. As we’ll see, though, that isn’t always the case.
It’s all got out of hand
AWS’s ease of use is one of its biggest selling points. As any growing business will know, being able to quickly increase storage capabilities or spin up new environments for internal software projects without fuss is a dream. It can, however, quickly turn into a nightmare. Organisations are often blind to a lot of the activity taking place inside their AWS infrastructure, and this leads to both cost and security issues.
A developer may, for example, spin up a new AWS instance in order to load test a new software release. The testing ends, and the developer moves on to the next task, spinning up another environment. The previous environment is just sitting there, redundant, but being paid for. If multiple people are doing the same, the situation quickly becomes unmanageable and expensive.
On top of the cost, there’s also the issue of security. Without a clear understanding of what information is where and how it is being used, organisations can quickly lose control. The developer in the previous example may well have left multiple versions of the business’s software floating around the cloud somewhere. Then there are multiple examples of people misconfiguring S3 buckets, resulting in data being left wide open on the internet. With GDPR fines now in full force, these kinds of data breaches can make your cloud sprawl very costly indeed.
Contain the beast
The most effective way to contain cloud containers is to implement a strategy from the start, putting in place rules and policies that control how AWS is used and how that usage is monitored to ensure it’s both secure and cost-effective. Just as with any cloud deployment, visibility and control are absolutely crucial.
However, many businesses are a long way down Route 53 using AWS – and other IaaS platforms – before they realise they have a problem, and they don’t have the policies or tools in place to sort the issue out. All is not lost, though. Whether you are starting out on your AWS journey or are well down the road, a Cloud Access Security Broker (CASB) provides the control and protection needed.
As with SaaS applications, CASB offers the ability to enforce access and security policies for IaaS resources. Organisations using CASB are able to better understand what services are being used, for what, by whom and how frequently.
CASB can help identify where services are idle or underutilised, and where turning off objects, consolidating or pre-paying for certain infrastructure elements can make IaaS more efficient and significantly less costly.
In modern environments, visibility and control are the only means to proactively and effectively ensure IaaS is not being misused. For many organisations the business case for CASB is straightforward, with the potential cost savings showing a short-term return on investment.
Speak to us about a demo to find out how you can keep your costs down and security high with Censornet CASB.