Fake Cloud: Now There Are Two Hands in Your Pocket

More than a decade ago, I was working for a SaaS security company that shall remain nameless in this post, but can be easily figured out from my LinkedIn profile. Its CEO had a pithy saying that stayed with me ever since: to paraphrase, “no successful software company ever transitioned to be a successful SaaS company.” Frankly, I have no idea whether there are exceptions to this “law”, but my experience over the years showed this to be largely true, at least in security. Note that a failed on-premise software company may well pivot to SaaS just fine; it’s the success on-premise that essentially makes such a transition difficult, if not impossible.

To further pursue this logic, in my analyst years, I’ve observed a fair bit of what was then known as “cloudwashing.” It meant hosted, single-tenant, off-premise deployment of traditional software that was, however, marketed as “cloud something” or “SaaS other.” The thing is [as I alluded here] that this may be fine for many organizations under some circumstances. However, things are very much NOT fine in other circumstances. Where am I going with this?

Let’s take SIEM as an example. Three scenarios:

  1. Software SIEM deployed on-premise on customer hardware.
  2. The same software SIEM deployed on IaaS.
  3. A native SaaS SIEM that was built as SaaS using cloud technology and operational practices (!).

(notice that I am sidestepping co-managed models here, because they will unnecessarily complicate this particular discussion; the above assumes that all the upkeep tasks needed are performed by a client or by a SaaS vendor, where applicable)

Which one is better? As my Gartner co-author would say, quoting Admiral Ackbar, “IT’S A TRAP!” Indeed, very much a trap, because the answer depends on your requirements and constraints. However, there are certain patterns we can derive from looking at the list of options.

If you recall my ancient SIEM costs post and/or my related analyst papers, SIEM costs go far, far beyond the license cost that you pay to a SIEM vendor. So, in case 1 you pay all these costs, plus the hardware cost and anything associated with hosting said hardware in your data center. However, in case 2 you again pay all these costs, plus also the cloud costs (storage, compute, data movement). OK, you won’t pay for electricity and data center cooling, but this is pretty much all the savings you are going to realize — and you will see a cloud bill. Every month.

My point is that all the upkeep tasks — and costs! — are the same in cases 1 and 2. “There is no cloud” (in this case), it’s just somebody else’s hardware, cooling fans and data center scooters. Also, what used to be mostly capex (hardware) is now opex (cloud) — this may matter for some organizations.

How big of a deal is that for you? For example, in my analyst days I was aware of cases where deploying a free log search tool on a major public IaaS infrastructure resulted in a 6–7 digit bill — from the cloud provider. People who use vendors who store data in MySQL instances on virtual machines in the cloud pay even more (can you imagine anything more anti-cloud than this?!). Briefly putting my vendor hat on, I can tell you that Chronicle (case 3 of a native SaaS SIEM) would be dramatically cheaper for this scenario, and also will not suffer from any issues described here.

To summarize, hosting traditional SIEM in public IaaS has some advantages. You do not have to purchase, manage and update hardware and procure or expand your data center space. However, you now pay largely the same SIEM costs, and also you pay cloud costs. The latter are occasionally known to be very high. Using native cloud-born tooling that uses cloud-native infrastructure effectively (and relies on smooth cloud-style operational practices!) may yield savings measured in X factors, not percentages…

To summarize the summary, SIEM costs money and SIEM in the cloud done in an anti-cloud way costs even more money. Look, cloud is a place where things really are different; approaching the cloud as if it were a rented data center space does decrease your cloud adoption benefits. Don’t be an anti-cloud cloud user!

P.S. I was not at all surprised that this situation is not unique to security, e.g. see this.

Fake Cloud: Now There Are Two Hands in Your Pocket was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.


*** This is a Security Bloggers Network syndicated blog from Stories by Anton Chuvakin on Medium authored by Anton Chuvakin. Read the original post at: https://medium.com/anton-on-security/fake-cloud-now-there-are-two-hands-in-your-pocket-605409a4631c?source=rss-11065c9e943e------2