
Mornings With Mark
no. // 0 0 0 9

Cloud Costs & Security


Full machine generated transcript follows

Morning, everybody. How are you doing today? On this episode of the show, we're going to talk about cloud computing costs, your perception of those costs, and how they actually relate to security. Now, a few things trickled across my feed that generated this topic. The first was coverage of a survey done by RightScale that looked at organizations' perceptions around their cloud computing spend, and the second was the IPO paperwork, or pre-IPO paperwork, from Lyft.

Now, when Lyft filed their paperwork, everywhere I went: what is going on? They have a commitment, a contractual commitment, with AWS to spend three hundred million dollars at least between 2019 and 2021. That works out to be around 8-plus million per month.

So that is a significant amount of money, but it needs to be properly contextualized. Just cherry-pick that number to say, "It costs so much in the cloud. Why is anybody moving to the cloud? There are so many problems; costs are through the roof." And if you read through the RightScale survey, you may actually agree with that.

So the RightScale survey pulled out a whole bunch of things around, basically, sticker shock for organizations when they started to really get rolling on their cloud adoption. They were quite surprised at the size of their bill. It didn't match their expectations. Now, there's a little bit of a caveat here.

Actually, it's a really big, complicated caveat: cloud billing is really difficult to understand. There are a number of tools from AWS, from Google, from Microsoft to help you understand your bill, and there are entire third-party partners that work to try to help you understand your bill, and there are consultants around understanding your bills in the cloud.

You know, Twitter phenom and anti-hero Corey Quinn makes his business, his primary business, helping people understand this bill, because this is really, really complicated stuff. And I get it. If you've ever actually looked at your AWS or Google bill, not just the nice PDF they send but the microtransactions sheet, it's nuts, because you're being billed a penny per hour for this, you're being billed a fraction of a penny per microsecond or millisecond of execution time here.

You have a year-long commitment here that reduces the bill by 30% for this particular instance type in this particular region. There are a lot of factors for all of this consumption pricing. At the end of the day you do get a number, and that number, according to this survey, was a big shock to a lot of people. So there are a few ways to take this. You know, we fully understand and accept that it has a long way to go as far as being easy to understand, being easy to forecast, being really easy to kind of grasp.

But more importantly, and this is where it starts to tie back to security, it needs to be contextualized in the business. So that big number from Lyft, the 8-plus million a month, or 300 million overall, works down to $0.14 per ride. $0.14 of overhead per ride that people are taking through the Lyft network. 'Cause those rides are not a dollar; rides are significantly more than a dollar. See, the IT overhead to generate that ride is only $0.14.

That's a pretty good spend, right? They've kept that cost really, really low. They've been able to keep it low because they're in the cloud using on-demand resources. Now, where I see, in my experience talking to organizations around the world, where the sticker shock comes and they're genuinely surprised at the size of their cloud bill, the way to counteract this is to ask them: okay, well, what about your previous data center bill, your previous IT budget?

What happened is that we never had this level of detailed tracking. We had a whole bunch of assumptions about how we were spending money on IT within our organizations, and they were probably completely off base, but they were associated to one budget item line at the CIO level saying, you know, we spent 38 million per year.

We didn't know what you're getting for that, whereas in the cloud, you know down to the penny where you're spending, a fraction of a penny, what you're spending it on, and what you're getting back. So how does this tie back to security? You know, we're 4 minutes into the episode.

How does this tie back to security? Well, it's pretty straightforward. You need to know the value of the data and how much you're willing to spend on that data to protect it. So if the company has determined, right, and determining the value of the data can be really, really tricky, but one partial proxy is if you know how much the company's willing to spend to generate that data or to process that data, you get an understanding of the ballpark of the importance of that data, right?

Same thing with calculating potential fines, calculating potential revenue from that: you start to get an idea of how much you should be spending from a security perspective, because you can't just wildly spend on security. The whole idea of security, of defense, as a principle is essentially: I'm going to spend enough to stop most attackers from getting this data, but still less than the data is worth, or at the level the data is worth, too.

If I have something that's worth, you know, $10 to my business, I'm not going to spend $1,000 to protect it. It doesn't make any sense. If somebody steals that, you spend ten bucks to replace it, right, if it's replaceable. Now, if that's personally identifiable information and the fines are significant, maybe I'm in the EU and I'm under GDPR, or the reputation damage, or I just take on that moral responsibility that customers have trusted me with their data, I want to spend a lot more. I'm willing to spend a lot more to protect that, right?

And part of this cloud computing, I really thought it was interesting, because for me that's step one on a security journey we should have taken a very long time ago. You need accurate modeling of the application, of the spend around the application and the overhead, so you know how much your security controls are costing you to apply, as well as the data that they're protecting.

There are a lot of challenges here, but step one is to get that data, and we've got that when you move into the cloud. You understand how much that application costs, how much the overhead is there to run it, and then you can calculate the people cost on top of it.

Now you can understand that if you're spending $1,000,000 on a security control for an application that is being run for $1,000 a year, you need to find a new way to apply security. There's a new level of security to apply, because that's just completely disproportionate. Even if the value of the data is huge and worth that type of investment, you need to do better in your security implementation.

You need to modernize that, push it out into the cloud as well, in some ways, so that you keep pace. But more information on costing, more accurate, is better for everybody. It's better for everybody in IT, it's better for the business, it's better for security. And this sticker shock is not that the cloud costs so much, because it's the exact opposite: the cloud is far more efficient.

The cloud is going to cost you far less. The sticker shock is that you had zero awareness, or near zero awareness, of what you were spending, what you have been spending for years, and that applies doubly so for security teams that spend a ton of money and aren't really sure of the value that they're generating for the business or the return on those investments.

So more information is better, as always. What do you think? Hit me up online @marknca, in the comments down below, and as always by email, me@markn.ca. I look forward to talking to you about this issue and many, many others. I hope you're set up for a fantastic day, and I'll see you on the next show.
