Does Fake Cloud Matter?

Following on the cloud theme from “Psychoanalyzing Security Cloud Fears”, here is another one: does fake cloud matter?

First, what is FAKE CLOUD? The classic and most crisp fake cloud example (that used to be called “cloudwashing”) is traditional software hosted … well… somewhere else. Like in your uncle Bob’s often-flooded basement, say. Or say at a neighborhood Bob’s Used Car Garage and Totally Secure MSSP franchise. Or even right at your tool vendor, Bob’s Incompetent Dev But Worse Ops shop.

AppSec/API Security 2022


Funny enough, the above visual is not true for real cloud (like say for a modern PaaS), but very much true for fake cloud.

So, does fake cloud matter? Chances are some security tools you use today are delivered via “fake cloud” delivery model. But does it matter for you, operationally? How is “fake cloud” inferior to a native cloud application? But, more importantly, is it?

I think the answer is SOMETIMES. For example, when we did our SaaS SIEM research (paper), we learned that most people who wanted a SaaS SIEM simply hated the need to manage the SIEM boxes (appliances, software, storage, etc) above all other challenges. In this case, fake cloud or hosted, single-tenant legacy SIEM will suffice and will in fact deliver on THEIR VIEW of cloud benefits.

However, fake cloud has a tendency of being more – not less – expensive that buying software and running it on-premise. Now, my point is that it is NOT obviously cheaper, it can go either way. For example, if your “cloud” SEM vendor needs to store data inside a public cloud provider, guess who is paying all that cost, plus vendor margins on top? A fake cloud vendor is more likely to not use efficient cloud-native storage methods, BTW, that tend to be pricier (e.g. instance storage vs S3 vs Glacier, etc)

On the other hand, you may want such real cloud properties such as auto-scaling, elasticity, self-provisioning, usage pricing, etc. You may want to send 10 log entries today to your cloud SIEM and send 10,000,000,000,000 entries tomorrow and have it work just fine. You may also want to do this without paying for the 10 trillion events for both days. And without calling the vendor to “scale you up” a month in advance so they can buy new servers… And without getting the “sorry, we are upgrading your SIEM version today, hence you are down, cloud be damned.” You may also want a vendor that makes use all the data they have, to train their AI (do they have it?) and to build better analytics for all their clients. In this case, avoid fake cloud tools based on your requirements.

To summarize, I’d venture a guess that some people will prefer cloud-native tools, while other will justifiably go for fake cloud, especially if it happens to have all of their required benefits (such as not having to patch Linux on their security appliances).

Possibly related blog posts:

*** This is a Security Bloggers Network syndicated blog from Anton Chuvakin authored by Anton Chuvakin. Read the original post at: